Return Page

The return page is where you will be redirected after the user has authenticated and shared data from their bank.

As mentioned in our OpenID Connect Profile, we support the OIDC authorization code flow, which means that an authorization code will be returned that needs to be exchanged for a token.

The implementation of the return page differs based on the type of environment.

Public Client

A public client is an application running in an environment that is not trusted to keep a client secret confidential, such as a browser or a mobile app.

Currently the only way to implement a public client is by using the OneID button; its script must also be included in the return page.

<script id="oneid-button" src="" data-client-id=""></script>

This gives you access to the OneID JavaScript API, which lets you retrieve the user's identity data or verify their age.

Examples

Retrieve userinfo

OneID.getUser()
  .then((user) => {
    console.log(user.address);
    console.log(user.name);
    console.log(user.email);
    console.log(user.phoneNumber);
  })
  .catch((error) => {
    console.log(error.error);
  });

Verify age

OneID.verifyAgeOver(18)
  .then((ageCheck) => {
    console.log(ageCheck);
    if (ageCheck) {
      console.log("User is over the age");
    } else {
      console.log("User is under the age");
    }
  })
  .catch((error) => {
    console.log(error.error);
  });

Confidential Client

A confidential client is an application running in a server environment that is trusted to keep a client secret confidential. In this case the authorization code is passed on to the backend server, which is responsible for exchanging it for a token.

The access token can then be used on either the /userinfo or the /ageverification endpoint.

Environments

The base URLs for the endpoints below are:

  • https://controller.myoneid.co.uk for Production

  • https://controller.sandbox.myoneid.co.uk for Sandbox

Endpoints

POST /token

GET /userinfo

  • Header["Authorization"] = "Bearer access_token"

  • Response data

{
  "name": "",
  "given_name": "",
  "family_name": "",
  "middle_name": "",
  "email": "",
  "birthdate": "",
  "phone_number": "",
  "address": {
    "street_address": "",
    "locality": "",
    "region": "",
    "postal_code": "",
    "country": ""
  }
}

GET /ageverification

  • Header["Authorization"] = "Bearer access_token"

  • Response data

{
  "age_over_18": true
}

Implementation examples

Exchange code for a token

import (
	"fmt"
	"log"

	"golang.org/x/oauth2"
)

// retrieve code and state from the return page url
code := r.URL.Query().Get("code")
state := r.URL.Query().Get("state")

// the state must match a session created when the user was sent to OneID;
// an unknown state means this return did not come from a login started here
ses, err := mvrp.sessionStore.Get(r.Context(), state)
if err != nil {
	log.Printf("unknown state: %v", err)
	return
}
// PKCE code verifier stored with the session at the start of the flow (field name assumed)
codeVerifier := ses.CodeVerifier

oauthConfig := &oauth2.Config{
	RedirectURL:  "https://redirecturl/return",
	ClientID:     "client_id",
	ClientSecret: "client_secret",
	Scopes:       []string{},
	Endpoint: oauth2.Endpoint{
		TokenURL: fmt.Sprintf(
			"https://oneid/token?code_verifier=%s&state=%s",
			codeVerifier,
			state,
		),
	},
}

oauthRes, err := oauthConfig.Exchange(r.Context(), code)
if err != nil {
	log.Printf("token exchange failed: %v", err)
	return
}
// oauthRes.AccessToken is the bearer token for the /userinfo and /ageverification calls
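The exchange above depends on two values the backend must create before it redirects the user to OneID: the state, which ties the return to a login started on this server, and the PKCE code_verifier, whose code_challenge goes into the authorization request. The following is an added example in Go of that bookkeeping; it is not OneID's code and not part of the original page. It keeps an in-memory session store keyed by state (the role mvrp.sessionStore plays in the snippet above), derives the S256 challenge as RFC 7636 specifies, and looks the state up exactly once on return, so an unknown or replayed state never reaches the token exchange. The store, the type names and the 32-byte random values are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
	"sync"
)

// AuthSession is the per-login record the backend keeps between sending the
// user to OneID and receiving them back on the return page.
type AuthSession struct {
	CodeVerifier string // PKCE verifier; only ever sent to the /token endpoint
}

// SessionStore is a hypothetical in-memory store keyed by state. A real
// deployment would put this in a server-side session or cache with expiry.
type SessionStore struct {
	mu       sync.Mutex
	sessions map[string]AuthSession
}

func NewSessionStore() *SessionStore {
	return &SessionStore{sessions: make(map[string]AuthSession)}
}

// randomURLSafe returns n random bytes as unpadded base64url, the alphabet
// RFC 7636 requires for verifiers and a safe choice for the state parameter.
func randomURLSafe(n int) (string, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// S256Challenge derives code_challenge from a verifier as
// BASE64URL(SHA256(verifier)), the S256 method of RFC 7636.
func S256Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// BeginAuth creates a fresh state and PKCE verifier for one login attempt,
// stores the verifier under the state, and returns the state and the
// code_challenge that go into the authorization request.
func (s *SessionStore) BeginAuth() (state, codeChallenge string, err error) {
	state, err = randomURLSafe(32)
	if err != nil {
		return "", "", err
	}
	verifier, err := randomURLSafe(32) // 43 characters, within RFC 7636's 43..128
	if err != nil {
		return "", "", err
	}
	s.mu.Lock()
	s.sessions[state] = AuthSession{CodeVerifier: verifier}
	s.mu.Unlock()
	return state, S256Challenge(verifier), nil
}

// CompleteAuth is called from the return page handler with the state taken
// from the redirect URL. It consumes the session on success, so a replayed
// return URL is refused and a forged state never reaches the token exchange.
func (s *SessionStore) CompleteAuth(state string) (codeVerifier string, err error) {
	s.mu.Lock()
	defer s.mu.Unlock()
	ses, ok := s.sessions[state]
	if !ok {
		return "", errors.New("unknown or already used state")
	}
	delete(s.sessions, state)
	return ses.CodeVerifier, nil
}

func main() {
	store := NewSessionStore()
	state, challenge, err := store.BeginAuth()
	if err != nil {
		panic(err)
	}
	fmt.Printf("send user to OneID with state=%s code_challenge=%s\n", state, challenge)

	// back on the return page: the state from the redirect must match a stored session
	verifier, err := store.CompleteAuth(state)
	fmt.Printf("verifier for /token: %s (err=%v)\n", verifier, err)
	_, err = store.CompleteAuth(state) // a second use of the same state is refused
	fmt.Println("replay:", err)
}
```

BeginAuth runs where the login is started and its outputs go into the authorization URL; CompleteAuth runs in the return handler, and the verifier it returns is what the token exchange sends as code_verifier. Because the session is deleted on first use, a second visit to the same return URL fails before any request is made to the token endpoint.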

Retrieve userinfo

import (
	"encoding/json"
	"log"
	"net/http"
)

type UserIdentity struct {
	Name        string `json:"name,omitempty"`
	GivenName   string `json:"given_name,omitempty"`
	FamilyName  string `json:"family_name,omitempty"`
	MiddleName  string `json:"middle_name,omitempty"`
	Email       string `json:"email,omitempty"`
	DateOfBirth string `json:"birthdate,omitempty"`
	PhoneNumber string `json:"phone_number,omitempty"`
	Address     struct {
		StreetAddress string `json:"street_address,omitempty"`
		Locality      string `json:"locality,omitempty"`
		Region        string `json:"region,omitempty"`
		PostalCode    string `json:"postal_code,omitempty"`
		Country       string `json:"country,omitempty"`
	} `json:"address,omitempty"`
}

// call /userinfo with the access token obtained from the exchange
client := &http.Client{}
req, _ := http.NewRequest("GET", "https://oneid/userinfo", nil)
req.Header.Add("Authorization", "Bearer "+oauthRes.AccessToken)
resp, err := client.Do(req)
if err != nil {
	log.Printf("userinfo request failed: %v", err)
	return
}
defer resp.Body.Close()

user := UserIdentity{}
if err := json.NewDecoder(resp.Body).Decode(&user); err != nil {
	log.Printf("decoding userinfo failed: %v", err)
	return
}

Verify age

import (
	"encoding/json"
	"fmt"
	"log"
	"net/http"
)
req, _ := http.NewRequest("GET", "https://oneid/ageverification", nil)
req.Header.Add("Authorization", "Bearer "+oauthRes.AccessToken)
resp, err := http.DefaultClient.Do(req)
if err != nil {
	log.Printf("age verification request failed: %v", err)
	return
}
defer resp.Body.Close()
ageVerification := make(map[string]bool) // decodes {"age_over_18": true}
if err := json.NewDecoder(resp.Body).Decode(&ageVerification); err != nil {
	log.Printf("decoding age verification failed: %v", err)
	return
}
if ageVerification["age_over_18"] {
	fmt.Println("User is over 18")
}
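The two resource calls above do not look at the HTTP status, so an expired or revoked token would produce an empty decode and read as "under 18" rather than as a failure. Below is an added Go example, not the page's or OneID's code, of a small client for the /userinfo and /ageverification endpoints listed under Endpoints: it sends the bearer token, treats any status other than 200 as an error, bounds the response body, and returns the decoded result to the caller. The struct fields mirror the response data documented above. NewFakeOneID is a constructed offline stand-in for the endpoints with a made-up identity record; it exists only so the example runs without network access and is not the real service.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"time"
)

// Address and UserIdentity mirror the /userinfo response body.
type Address struct {
	StreetAddress string `json:"street_address"`
	Locality      string `json:"locality"`
	Region        string `json:"region"`
	PostalCode    string `json:"postal_code"`
	Country       string `json:"country"`
}

type UserIdentity struct {
	Name        string  `json:"name"`
	GivenName   string  `json:"given_name"`
	FamilyName  string  `json:"family_name"`
	MiddleName  string  `json:"middle_name"`
	Email       string  `json:"email"`
	Birthdate   string  `json:"birthdate"`
	PhoneNumber string  `json:"phone_number"`
	Address     Address `json:"address"`
}

// AgeVerification mirrors the /ageverification response body.
type AgeVerification struct {
	AgeOver18 bool `json:"age_over_18"`
}

// A bounded timeout so a stalled upstream cannot pin request handlers forever.
var httpClient = &http.Client{Timeout: 10 * time.Second}

// Client calls the resource endpoints; BaseURL is one of the Environments URLs.
type Client struct{ BaseURL string }

// get performs the authenticated GET and decodes the JSON body into out. Any status
// other than 200 (e.g. 401 for an expired or revoked token) is an error, and the
// body is capped at 1 MiB so a misbehaving upstream cannot exhaust memory.
func (c Client) get(path, accessToken string, out interface{}) error {
	req, err := http.NewRequest(http.MethodGet, c.BaseURL+path, nil)
	if err != nil {
		return err
	}
	req.Header.Set("Authorization", "Bearer "+accessToken)
	resp, err := httpClient.Do(req)
	if err != nil {
		return err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return fmt.Errorf("GET %s: unexpected status %d", path, resp.StatusCode)
	}
	return json.NewDecoder(io.LimitReader(resp.Body, 1<<20)).Decode(out)
}

func (c Client) UserInfo(accessToken string) (UserIdentity, error) {
	var u UserIdentity
	err := c.get("/userinfo", accessToken, &u)
	return u, err
}

func (c Client) AgeOver18(accessToken string) (bool, error) {
	var a AgeVerification
	err := c.get("/ageverification", accessToken, &a)
	return a.AgeOver18, err
}

// NewFakeOneID is a constructed stand-in for the two endpoints so the example runs
// offline; it answers 401 unless the bearer token equals validToken.
func NewFakeOneID(validToken string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != "Bearer "+validToken {
			http.Error(w, "invalid_token", http.StatusUnauthorized)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		switch r.URL.Path {
		case "/userinfo": // constructed sample identity, not real data
			io.WriteString(w, `{"name":"Jane Example","given_name":"Jane","family_name":"Example","email":"jane@example.invalid","birthdate":"1990-01-01","phone_number":"+447700900000","address":{"street_address":"1 Example Street","locality":"London","postal_code":"EC1A 1AA","country":"GB"}}`)
		case "/ageverification":
			io.WriteString(w, `{"age_over_18":true}`)
		default:
			http.NotFound(w, r)
		}
	}))
}

func main() {
	srv := NewFakeOneID("constructed-token")
	defer srv.Close()
	c := Client{BaseURL: srv.URL} // production: Client{BaseURL: "https://controller.myoneid.co.uk"}
	user, err := c.UserInfo("constructed-token")
	fmt.Printf("%+v %v\n", user, err)
	over, err := c.AgeOver18("constructed-token")
	fmt.Println(over, err)
	_, err = c.AgeOver18("stale-token") // a rejected token surfaces as an error, not as a false "under 18"
	fmt.Println(err)
}
```

The point of the status check is visible in the last call of main: with the page's original snippet a 401 would leave the map empty and the age check would silently report the user as under 18, whereas here the caller gets an error and can send the user back through the flow.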