Procivis One OpenID Bridge
Integrate digital credentials into your OpenID Connect solution
OpenID Bridge enables any OIDC provider to accept credentials for frictionless, secure login without the need for usernames and passwords.
- Accept credentials from EUDI, Swiss E-ID, or other digital wallets.
- Issue credentials to customers or employees for easy login to your services.
- Make login more secure with verifiability and take advantage of digital credential features such as key binding and hardware binding.
What is OIDC?
OpenID Connect is an authentication protocol that allows relying parties (or "verifiers") to verify the identity of users and obtain profile information via third-party identity providers. It's widely available and commonly used for single sign-on (SSO), enabling end users to authenticate to applications by signing in to an email provider, a social media platform, or some other trusted identity provider.
OIDC benefits client applications by allowing them to outsource the management of passwords and other security elements, and take advantage of standardized protocols, common libraries and a wide range of major providers.
OIDC benefits end users by allowing them to consolidate login processes and reduce the number of passwords to remember.
What is OpenID Bridge?
OpenID Bridge allows any relying party to accept a digital credential for end user authentication and profile information without needing to change how they do authentication. This brings a host of benefits to relying parties and end users.
Relying party benefits:
- Comply with new digital credential ecosystems such as eIDAS, ISO mDL, and the Swiss E-ID, without changing entire authentication infrastructure.
- Add a "Login with your EUDI Wallet" button to your application with a simple integration.
- Add a password-free login option to existing processes for faster onboarding and reduced friction.
- Client applications still get secure authentication and critical profile information.
End user benefits:
- No need to remember or protect usernames and passwords for login.
- Can authenticate without phoning home to an identity provider.
- Use one digital wallet for streamlined authentication.
How OpenID Bridge works
OpenID Bridge integrates with any OIDC provider and transforms standardized digital credentials into OIDC-compatible data by mapping credential claims to OIDC claims.
When a user wants to authenticate with their digital wallet, OpenID Bridge uses the Procivis One Core to initiate the standard proof request flow used for credentials.
After the user submits a valid proof, OpenID Bridge maps the shared claims to the session and creates the authorization code, just as if the user had logged in with their username and password.
Once the access token is issued, the client application can use it to access protected resources following the standard OIDC flow. This integration allows organizations to adopt credential verification without modifying their existing authentication infrastructure. This approach combines the security and privacy benefits of digital credentials with the widespread compatibility of the OIDC protocol.
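The claim-mapping and authorization-code steps described above, sketched as an added example; this is not Procivis code or the OpenID Bridge API. The proof structure, the `verified` flag, `CLAIM_MAP` and all function names are hypothetical, and the sample proof is constructed.

```python
import secrets
import time

# Hypothetical mapping: credential claim name -> (OIDC claim name, required?)
CLAIM_MAP = {
    "family_name": ("family_name", True),
    "given_name": ("given_name", True),
    "birth_date": ("birthdate", False),
}
CODE_TTL_SECONDS = 60
_codes = {}  # authorization code -> pending session data

# Constructed sample of a proof result after verification (shape is assumed)
SAMPLE_PROOF = {"verified": True, "claims": {
    "family_name": "Muster", "given_name": "Erika",
    "birth_date": "1990-01-01", "portrait": "<image bytes>"}}


def map_claims(proof):
    """Turn a verified proof into OIDC claims, failing closed."""
    if proof.get("verified") is not True:
        raise PermissionError("proof was not verified")
    shared = proof["claims"]
    oidc = {}
    for cred_name, (oidc_name, required) in CLAIM_MAP.items():
        if cred_name in shared:
            oidc[oidc_name] = str(shared[cred_name])
        elif required:
            raise ValueError(f"required claim missing: {cred_name}")
    return oidc  # claims outside CLAIM_MAP (e.g. portrait) are not forwarded


def issue_code(proof, client_id, redirect_uri, now=None):
    """Bind mapped claims to a short-lived code for one client and redirect URI."""
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(32)
    _codes[code] = {"claims": map_claims(proof), "client_id": client_id,
                    "redirect_uri": redirect_uri, "expires": now + CODE_TTL_SECONDS}
    return code


def redeem_code(code, client_id, redirect_uri, now=None):
    """Exchange a code for the session claims; each code works once."""
    now = time.time() if now is None else now
    entry = _codes.pop(code, None)  # pop removes the code, so replay fails
    if entry is None or now > entry["expires"]:
        raise PermissionError("invalid or expired code")
    if (entry["client_id"], entry["redirect_uri"]) != (client_id, redirect_uri):
        raise PermissionError("code was issued to a different client")
    return entry["claims"]
```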
Get started with OpenID Bridge
Read the guide to integrating OpenID Bridge.