There are many OpenID Connect certified libraries for different development platforms; you just have to choose the one that suits you best. In our experience, writing the code yourself takes longer than using a pre-written library.
Find the libraries here
Given the security implications of getting the implementation correct, we encourage you to take advantage of a pre-written library.
We recommend using a library. Our other merchants have had good experience with IdentityModel.OidcClient, especially if you code in .NET. With a library you do not need to handle code_challenge, code_verifier and similar details yourself, which can make your development a lot quicker. It is your own choice and responsibility to choose the solution that fits you best.
Explanation of endpoints
|Endpoint||Description|
||Interact with the resource owner and obtain an authorization grant|
||Obtain an access and/or ID token by presenting an authorization grant or refresh token|
||Returns OpenID Connect metadata related to the specific authorization server|
Now that you are tasked with integrating the third-party Invoice and/or Subscriptions API, we want to ensure you get the best start. The goal of the checklist below is to clarify the integration process and our recommendations.
Before starting OpenID Connect
Do you experience troubles?
We return unauthorized in several circumstances, including when an access token is revoked. The error message is purposefully vague to avoid leaking information to potential hackers. Therefore, you should assume that, if you receive this error message as a response, your request is invalid, and you might want to refresh your access token using your refresh token.
In the tutorial to the right, you can see how easy it is to integrate using OpenID Connect.
We've created a video tutorial as well as code examples, so you can get an overview of how easy it is while also making use of the provided code examples.
See the following table for links to information on how to work with MobilePay and OpenID Connect.
|How do I...||Relevant Resources|
|Get the FAQ||Read the Frequently Asked Questions here.|
|Debug the OpenID Connect implementation||Read the checklist here and if it doesn't help, write to firstname.lastname@example.org|
|Learn about OpenID Connect Hybrid Flow||Read about the Hybrid Flow here.|
|Get help from the DeveloperSupport team||Write to email@example.com|
|Find the OpenID Configuration endpoints||Find the configuration links below|
|Find certified OpenID Connect libraries||Find the certified OpenID Connect libraries here|
You are going to integrate using a standard hybrid flow in OpenID Connect (OIDC).
The Hybrid Flow consists of the following steps:
- Client prepares an Authentication Request containing the desired request parameters.
- Client sends the request to the Authorization Server.
- Authorization Server authenticates the End-User.
- Authorization Server obtains End-User Consent/Authorization.
- Authorization Server sends the End-User back to the Client with an Authorization Code.
- Client requests a response using the Authorization Code at the Token Endpoint.
- Client receives a response that contains an ID Token and Access Token in the response body.
- Client validates the ID Token and retrieves the End-User's Subject Identifier.
In short, the flow is described in the following five steps:
- Step 1: Call /connect/authorize to initiate user login and consent.
- Step 2: Wait for the response by listening on the redirect URI and get the authorization code.
- Step 3: Exchange the authorization code for tokens using /connect/token.
- Step 4: Keep the session alive by using the refresh token.
- Step 5: Best Practice.
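The five steps above, and the "refresh on unauthorized" advice earlier on this page, as one added worked example in Python. This is not MobilePay's code nor the IdentityModel.OidcClient library; it shows what a library does for you: building the /connect/authorize request with state, nonce and an S256 PKCE pair, checking state on the callback, building the /connect/token exchange and refresh bodies, and checking the ID token claims (issuer, audience, expiry, nonce and the hybrid-flow c_hash) before trusting the subject. The endpoint paths are the ones named on this page; the issuer, client id, redirect URI and the `offline_access` scope are assumptions, and signature verification against the server's JWKS is assumed to be done by a JOSE library before the claim checks run.

```python
"""Added example (not MobilePay code): the five OIDC steps as plain
request/response handling with PKCE, state, nonce and ID-token claim checks."""
import base64
import hashlib
import secrets
import time
from typing import Optional, Tuple
from urllib.parse import urlencode

ISSUER = "https://auth.example.test"                      # hypothetical issuer
CLIENT_ID = "example-client-id"                           # hypothetical client id
REDIRECT_URI = "https://merchant.example.test/callback"   # hypothetical redirect URI


def b64url(raw: bytes) -> str:
    """Base64url without padding, as used by PKCE and JOSE."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def make_pkce_pair(verifier: Optional[str] = None) -> Tuple[str, str]:
    """code_verifier / code_challenge for the S256 method (RFC 7636)."""
    verifier = verifier or b64url(secrets.token_bytes(32))
    return verifier, b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url(state: str, nonce: str, code_challenge: str,
                        scope: str = "openid offline_access") -> str:
    """Step 1: the URL the user is redirected to at /connect/authorize.
    offline_access is the standard OIDC scope for a refresh token (assumed here)."""
    params = {
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "response_type": "code id_token",   # hybrid flow: code plus front-channel ID token
        "response_mode": "form_post",
        "scope": scope,
        "state": state,                     # binds the callback to this browser session
        "nonce": nonce,                     # must come back inside the ID token
        "code_challenge": code_challenge,
        "code_challenge_method": "S256",
    }
    return f"{ISSUER}/connect/authorize?{urlencode(params)}"


def parse_callback(form: dict, expected_state: str) -> str:
    """Step 2: accept the POSTed callback only if state matches; return the code."""
    if "error" in form:
        raise ValueError(f"authorization failed: {form['error']}")
    if not secrets.compare_digest(form.get("state", ""), expected_state):
        raise ValueError("state mismatch: possible CSRF or stale session")
    return form["code"]


def build_token_request(code: str, code_verifier: str) -> dict:
    """Step 3: body POSTed to /connect/token to exchange the code for tokens."""
    return {
        "grant_type": "authorization_code",
        "code": code,
        "redirect_uri": REDIRECT_URI,
        "client_id": CLIENT_ID,
        "code_verifier": code_verifier,     # server recomputes S256 and compares
    }


def build_refresh_request(refresh_token: str) -> dict:
    """Step 4: body POSTed to /connect/token when the API answers unauthorized."""
    return {"grant_type": "refresh_token", "refresh_token": refresh_token,
            "client_id": CLIENT_ID}


def expected_c_hash(code: str) -> str:
    """c_hash for an RS256/ES256-signed ID token: left half of SHA-256(code)."""
    digest = hashlib.sha256(code.encode("ascii")).digest()
    return b64url(digest[: len(digest) // 2])


def validate_id_token_claims(claims: dict, nonce: str, code: Optional[str] = None,
                             now: Optional[int] = None) -> str:
    """Step 5: claim checks run after the signature has been verified by a JOSE
    library (assumed). Returns the End-User's subject identifier."""
    now = int(time.time()) if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    aud = claims.get("aud")
    if CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("ID token not issued for this client")
    if int(claims.get("exp", 0)) <= now:
        raise ValueError("ID token expired")
    if not secrets.compare_digest(claims.get("nonce", ""), nonce):
        raise ValueError("nonce mismatch: possible replay")
    if code is not None and claims.get("c_hash") != expected_c_hash(code):
        raise ValueError("c_hash does not match the authorization code")
    return claims["sub"]


if __name__ == "__main__":
    state, nonce = b64url(secrets.token_bytes(16)), b64url(secrets.token_bytes(16))
    verifier, challenge = make_pkce_pair()
    print(build_authorize_url(state, nonce, challenge))
    # Constructed callback form, standing in for the real POST to the redirect URI.
    code = parse_callback({"state": state, "code": "constructed-code"}, state)
    print(build_token_request(code, verifier))
```

The state and nonce checks use `secrets.compare_digest` so a mismatch does not leak timing information, and the `c_hash` check is what distinguishes the hybrid flow from the plain code flow: it ties the front-channel ID token to the code that is later exchanged, so a code that was not issued together with that ID token is rejected.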