Security

Minimum TLS Requirements

OneID requires TLS 1.2 as a minimum. Our SSL Policy follows the “Restricted profile” within Google Cloud Platform.

JWT Signing

OneID signs JWTs (e.g. the id_token) using the PS256 algorithm. Our JWK can be obtained from the jwks_uri in our well-known endpoint.

Sandbox: https://controller.sandbox.myoneid.co.uk/.well-known/openid-configuration

Production: https://controller.myoneid.co.uk/.well-known/openid-configuration
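
The following is an added example, not OneID's own code: a Node.js sketch of how a relying party can verify a PS256-signed id_token against the key set published at the jwks_uri, pinning the algorithm instead of trusting the token header. The function names, the kid "demo-key-1", the issuer URL and the locally generated key (standing in for the fetched JWKS) are assumptions made so the example runs offline.

```javascript
// Added example: verify a PS256-signed id_token against a JWKS, offline.
const { createPublicKey, generateKeyPairSync, sign, verify, constants } = require('node:crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');
// PS256 = RSASSA-PSS with SHA-256 and a salt as long as the hash output (32 bytes).
const PSS = { padding: constants.RSA_PKCS1_PSS_PADDING, saltLength: 32 };

// Returns the claims if the signature is valid, otherwise throws.
function verifyPs256(token, jwks) {
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, 'base64url').toString('utf8'));
  // Pin the algorithm: the token header must not be allowed to choose it.
  if (header.alg !== 'PS256') throw new Error('unexpected alg: ' + header.alg);
  // Select the key by kid from the key set published at jwks_uri.
  const jwk = jwks.keys.find((k) => k.kid === header.kid && k.kty === 'RSA');
  if (!jwk) throw new Error('no matching key for kid: ' + header.kid);
  const key = createPublicKey({ key: { kty: jwk.kty, n: jwk.n, e: jwk.e }, format: 'jwk' });
  const ok = verify('sha256', Buffer.from(h + '.' + p), { key, ...PSS }, Buffer.from(s, 'base64url'));
  if (!ok) throw new Error('bad signature');
  return JSON.parse(Buffer.from(p, 'base64url').toString('utf8'));
}

// Constructed sample data: a locally generated key stands in for the provider's signing key.
// Passing any alg other than 'PS256' signs with PKCS#1 v1.5 to model a mismatched token.
function makeSample(alg = 'PS256') {
  const { publicKey, privateKey } = generateKeyPairSync('rsa', { modulusLength: 2048 });
  const jwks = { keys: [{ ...publicKey.export({ format: 'jwk' }), kid: 'demo-key-1', use: 'sig' }] };
  const head = b64u(JSON.stringify({ alg, kid: 'demo-key-1', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ iss: 'https://issuer.example', sub: 'user-123' }));
  const opts = alg === 'PS256' ? { key: privateKey, ...PSS } : { key: privateKey };
  const sig = b64u(sign('sha256', Buffer.from(head + '.' + body), opts));
  return { jwks, token: `${head}.${body}.${sig}` };
}
```

In a real integration the key set would be fetched over TLS from the jwks_uri listed in the well-known document, and the iss, aud and exp claims would be checked after the signature.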

Bank Security

Banks (and more generally “Payment Service Providers”) have to meet certain standards and rules set by regulators. For OneID the most relevant rules are the following:

SCA requires that banks provide a robust method to confirm the identity of their customers. This ties in with PSD2 and Open Banking, as the banks must also provide customers with secure methods for sharing information with digital services such as OneID.
