OpenID Connect Libraries

There are many OpenID Connect certified libraries for different development platforms; choose the one that suits you best. In our experience, writing the code yourself takes longer than using a pre-written library.

Find the libraries here  

 

Given the security implications of getting the implementation correct, we encourage you to take advantage of a pre-written library. 

Tip: IdentityModel.OidcClient

We recommend using a library. Our other merchants have had good experiences with IdentityModel.OidcClient, especially if you code in .NET. You do not need to think about code_challenge, code_verifier and so on. Using a library might make your development a lot quicker. It is your own choice and responsibility to choose the solution that fits you best.

Overview 

The diagram below illustrates how to get consent from the merchant so that you can use the tokens. If you follow it, you will get through OpenID Connect quickly and can start calling the API.

Endpoints 

Explanation of endpoints 

Endpoint | Description
/authorize | Interact with the resource owner and obtain an authorization grant
/token | Obtain an access and/or ID token by presenting an authorization grant or refresh token
/.well-known/openid-configuration | Returns OpenID Connect metadata related to the specific authorization server

Our recommendation

Now that you are tasked with integrating the 3rd party Invoice and/or Subscriptions API, we want to ensure you get the best start. The goal of the checklist below is to clarify the integration process and our recommendations.

 

Component Tasks 

 

Before starting OpenID Connect 

  1. Finish configuration here 
  2. Receive testmerchant and Client Credentials in zip from developer@mobilepay.dk
  3. Read the guideline here
  4. See the Authentication video here 
  5. Pick an OpenID Connect library 
    • Certified C#/NetStandard OpenID Connect Client Library for native mobile/desktop Applications. Get started here 
    • Javascript library
 

During Integration

 

 

Are you experiencing problems?

  • Have you read our FAQ?
  • Have you checked the checklist?
  • Write to developer@mobilepay.dk  
    • Make sure you send us your concrete request, with a timestamp, so we can search in our logs.
 

Start Testing

  • Follow the process for Subscriptions here
  • Follow the process for Invoice here 

 

Limitations

We return unauthorized in several circumstances, including when an access token is revoked. The error message is purposefully vague to avoid leaking information to potential hackers. Therefore, if you receive this error message as a response, you should assume that your request is invalid, and you might want to refresh your access token using your refresh token.

Developer Tutorial 

In the tutorial to the right, you can see how easy it is to integrate using OpenID Connect.

We've created a video tutorial as well as code examples, so you can get an overview of how easy it is while also using the provided code examples.

Download Code example

 

The image below is a link to the tutorial. You can click on it

How do I?

See the following table for links to information on how to work with MobilePay and OpenID Connect.

How do I... | Relevant resources
Get the FAQ | Read the Frequently Asked Questions here.
Debug the OpenID Connect implementation | Read the checklist here and, if it doesn't help, write to developer@mobilepay.dk
Learn about OpenID Connect Hybrid Flow | Read about the Hybrid Flow here.
Get help from the DeveloperSupport team | Write to developer@mobilepay.dk
Find the OpenID Configuration endpoints | Find the configuration links below
Find certified OpenID Connect libraries | Find the certified OpenID Connect libraries here

Standard Hybrid Flow 

You are going to integrate using a standard hybrid flow in OpenID Connect (OIDC).


The Hybrid Flow consists of the following steps:

  1. Client prepares an Authentication Request containing the desired request parameters.
  2. Client sends the request to the Authorization Server.
  3. Authorization Server authenticates the End-User.
  4. Authorization Server obtains End-User Consent/Authorization.
  5. Authorization Server sends the End-User back to the Client with an Authorization Code.
  6. Client requests a response using the Authorization Code at the Token Endpoint.
  7. Client receives a response that contains an ID Token and Access Token in the response body.
  8. Client validates the ID Token and retrieves the End-User's Subject Identifier.
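
What a library takes care of in steps 1, 2 and 5, as an added example in Node.js that is not MobilePay's own code: it generates state, nonce and the code_verifier/code_challenge pair, builds the authentication request, and rejects a callback whose state does not match. The function names, the `response_type` value `code id_token`, and the endpoint and client values passed in are assumptions for illustration.

```javascript
// Added example (not MobilePay code): per-request values an OIDC client library manages.
const nodeCrypto = require('node:crypto');

const b64url = (buf) => buf.toString('base64url');

// RFC 7636 (PKCE), method S256: code_challenge = BASE64URL(SHA-256(code_verifier)).
function pkceChallenge(codeVerifier) {
  return b64url(nodeCrypto.createHash('sha256').update(codeVerifier, 'ascii').digest());
}

// Steps 1-2: build the Authentication Request plus the values to keep server-side.
// All parameter values passed in are placeholders chosen by the caller.
function buildAuthRequest({ authorizeEndpoint, clientId, redirectUri, scope }) {
  const pending = {
    state: b64url(nodeCrypto.randomBytes(16)),        // ties the callback to this session
    nonce: b64url(nodeCrypto.randomBytes(16)),        // must reappear inside the ID token
    codeVerifier: b64url(nodeCrypto.randomBytes(32)), // 43 chars, sent only in step 6
  };
  const url = new URL(authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code id_token', // assumption: one of the OIDC hybrid response types
    client_id: clientId,
    redirect_uri: redirectUri,
    scope,
    state: pending.state,
    nonce: pending.nonce,
    code_challenge: pkceChallenge(pending.codeVerifier),
    code_challenge_method: 'S256',
  }).toString();
  return { url: url.toString(), pending };
}

// Step 5: accept the callback only when its state matches the stored one.
// Returns what the token request (step 6) and ID token validation (step 8) need.
function handleCallback(params, pending) {
  if (params.error) throw new Error(`authorization failed: ${params.error}`);
  const got = Buffer.from(String(params.state || ''));
  const want = Buffer.from(pending.state);
  if (got.length !== want.length || !nodeCrypto.timingSafeEqual(got, want)) {
    throw new Error('state mismatch: callback does not belong to this session');
  }
  if (!params.code) throw new Error('missing authorization code');
  return { code: params.code, codeVerifier: pending.codeVerifier, expectedNonce: pending.nonce };
}
```

The ID token received in step 7 still needs signature, issuer, audience, expiry and nonce validation, which is the part best left to a certified library.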

In short, the flow is described in the following 5 steps:

Token process
 

Step 1 - Authorization request 

The first step in OpenID is the authorization request. In OpenID Connect, you're doing a round trip to our authentication server, to get consent from a merchant.

Step 1