OIDC for Identity Assurance Guide
Retrieve Identity Assurance Information
OpenID Connect for Identity Assurance 1.0 (OIDC4IDA or IDA) is a technical specification that uses OAuth 2.0 and OpenID Connect (OIDC) as its base and defines a JSON structure that conveys verified claims of a natural person.
This specification defines an extension to OpenID Connect for providing our customers with identity information, i.e., Verified Claims, along with an explicit statement about the verification status of these Claims (what, how, when, according to what rules, using what evidence). This specification is aimed at enabling use cases requiring strong assurance, for example, to comply with regulatory requirements such as Anti-Money Laundering laws or access to health data, risk mitigation, or fraud prevention.
OIDC for Identity Assurance is an optional extension to the following products:
- ID Check
- ID Proof
- ID Assure
- ID Scan
- Sign Up
- Sign Up Plus
- Sign In Refresh
- Age Assure
The key data we return are shown in the table below:
Element | Description | Example |
---|---|---|
Trust Framework | The trust framework under which we have assessed the data and its source. OneID is certified under the government's Digital Identity Trust Framework (DIATF). | uk_diatf |
Assurance Level | The assurance level based on the Trust Framework. OneID Products meet Medium, High or Very High levels of assurance depending on the type of data requested and returned. | medium |
Policy | The standard policy that was followed in assessment of the Assurance Level. The DIATF uses policies set out under the Good Practice Guide (45) (GPG45). | gpg45 |
Procedure | The specific procedure from the policy (GPG45) that was followed in order to ascertain the Assurance level. | m1c |
Transaction Type | The type of evidence that was used to prove the identity. (e.g. electronic records from a data source) | electronic_record |
Record Type | For electronic_record. The type of record that was used to prove the identity. | bank_account |
Record Source | For electronic_record. The source of the record that was used to prove the identity. | Bank Name |
Document Type | For document. The type of document used to perform identity verification. | passport |
Check Method | What check was done in relation to the evidence. | auth |
GET /userinfo
Return Identity Assurance Data for the user identified by the Authorization OAuth token.
This is an optional extension to OIDC's user info endpoint and is returned in addition to the user data (see Service Overview).
Authorization
You need to include a bearer token retrieved from the token endpoint.
Example Responses
The verified_claims field can be a single object or an array of objects.
https://openid.net/specs/openid-ida-verified-claims-1_0-final.html#section-5.2-1
Bank Account
```json
{
  "sub": "e78de561-8d08-53eb-9de8-73cac1652851",
  "name": "Alix Rayner",
  "given_name": "Alix",
  "family_name": "Rayner",
  "birthdate": "1996-09-10",
  "address": {
    "street_address": "80 Temple Way,Winterton-On-Sea",
    "locality": "Great Yarmouth",
    "region": "Norfolk",
    "postal_code": "NR29 9QS",
    "country": "GB"
  },
  "verified_claims": {
    "verification": {
      "trust_framework": "uk_diatf",
      "assurance_level": "medium",
      "assurance_process": {
        "policy": "gpg45",
        "procedure": "m1c",
        "assurance_details": [
          {
            "evidence_ref": [
              {
                "check_id": "journey-id-28401282-b93e-4eca-b4f5-55ac8f87bd3d"
              }
            ]
          }
        ]
      },
      "evidence": [
        {
          "type": "electronic_record",
          "check_details": {
            "check_method": "auth",
            "check_id": "journey-id-28401282-b93e-4eca-b4f5-55ac8f87bd3d"
          },
          "record": {
            "type": "bank_account",
            "source": { "name": "Model Bank Identity" }
          }
        }
      ]
    },
    "claims": {
      "name": "Alix Rayner",
      "given_name": "Alix",
      "family_name": "Rayner",
      "birthdate": "1996-09-10",
      "address": {
        "street_address": "80 Temple Way,Winterton-On-Sea",
        "locality": "Great Yarmouth",
        "region": "Norfolk",
        "postal_code": "NR29 9QS",
        "country": "GB"
      }
    }
  }
}
```
Driving License
```json
{
  "sub": "e78de561-8d08-53eb-9de8-73cac1652851",
  "name": "Alix Rayner",
  "given_name": "Alix",
  "family_name": "Rayner",
  "birthdate": "1996-09-10",
  "address": {
    "street_address": "80 Temple Way,Winterton-On-Sea",
    "locality": "Great Yarmouth",
    "region": "Norfolk",
    "postal_code": "NR29 9QS",
    "country": "GB"
  },
  "verified_claims": {
    "verification": {
      "trust_framework": "uk_diatf",
      "assurance_level": "medium",
      "assurance_process": {
        "policy": "gpg45",
        "procedure": "m1c",
        "assurance_details": [
          {
            "evidence_ref": [
              {
                "check_id": "journey-id-28401282-b93e-4eca-b4f5-55ac8f87bd3d"
              }
            ]
          }
        ]
      },
      "evidence": [
        {
          "type": "document",
          "check_details": {
            "check_method": "vri",
            "check_id": "journey-id-28401282-b93e-4eca-b4f5-55ac8f87bd3d"
          },
          "document_details": {
            "type": "driving_permit"
          }
        }
      ]
    },
    "claims": {
      "name": "Alix Rayner",
      "given_name": "Alix",
      "family_name": "Rayner",
      "birthdate": "1996-09-10",
      "address": {
        "street_address": "80 Temple Way,Winterton-On-Sea",
        "locality": "Great Yarmouth",
        "region": "Norfolk",
        "postal_code": "NR29 9QS",
        "country": "GB"
      }
    }
  }
}
```
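A relying party consuming this response has to accept both shapes of verified_claims and should take identity attributes only from entries whose verification block meets its own policy, not from the top-level claims. The sketch below is an added example, not OneID's code; the function name accepted_claims, the ordering and string forms of the higher assurance levels, and the sample values are assumptions.

```python
import json

# Weakest first. Only "medium" appears on this page; the string forms of
# "high" and "very_high" are assumptions for this example.
LEVELS = ["medium", "high", "very_high"]

def accepted_claims(userinfo, min_level="medium", trust_framework="uk_diatf"):
    """Return only claims from verified_claims entries that pass the caller's policy."""
    vc = userinfo.get("verified_claims")
    if vc is None:
        return {}
    entries = vc if isinstance(vc, list) else [vc]  # single object or array
    accepted = {}
    for entry in entries:
        ver = entry.get("verification", {})
        if ver.get("trust_framework") != trust_framework:
            continue
        level = ver.get("assurance_level")
        if level not in LEVELS or LEVELS.index(level) < LEVELS.index(min_level):
            continue  # unknown or too-low level fails closed
        # Each check_id cited by the assurance process must resolve to evidence.
        evidence_ids = {e.get("check_details", {}).get("check_id")
                        for e in ver.get("evidence", [])}
        evidence_ids.discard(None)
        details = ver.get("assurance_process", {}).get("assurance_details", [])
        refs = {r.get("check_id") for d in details for r in d.get("evidence_ref", [])}
        if not refs <= evidence_ids:
            continue
        accepted.update(entry.get("claims", {}))
    return accepted

# Constructed sample in the array form; top-level "name" is outside verified_claims.
SAMPLE = json.loads("""
{"sub": "constructed-subject", "name": "Unverified Name",
 "verified_claims": [
  {"verification": {"trust_framework": "uk_diatf", "assurance_level": "medium",
     "assurance_process": {"policy": "gpg45", "procedure": "m1c",
       "assurance_details": [{"evidence_ref": [{"check_id": "check-1"}]}]},
     "evidence": [{"type": "electronic_record",
       "check_details": {"check_method": "auth", "check_id": "check-1"},
       "record": {"type": "bank_account", "source": {"name": "Constructed Bank"}}}]},
   "claims": {"given_name": "Alix", "family_name": "Rayner"}},
  {"verification": {"trust_framework": "other_framework", "assurance_level": "medium"},
   "claims": {"birthdate": "1996-09-10"}}]}
""")

if __name__ == "__main__":
    print(accepted_claims(SAMPLE))
```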
Status Codes
- 200 OK
- 400 Bad request