Security
Minimum TLS Requirements
OneID requires TLS 1.2 as a minimum; connections that can only negotiate TLS 1.0 or 1.1 are refused. Our SSL policy follows the "RESTRICTED" profile in Google Cloud Platform, which supports only a reduced set of TLS features intended for stricter compliance requirements and enforces a minimum version of TLS 1.2. Clients integrating with OneID must therefore be able to negotiate TLS 1.2 or later.
JWT Signing
OneID signs the JWTs it issues (for example the id_token) with the PS256 algorithm (RSASSA-PSS using SHA-256). The public keys needed to verify these signatures are published as a JWK Set at the jwks_uri advertised in our OpenID Connect discovery document (the well-known endpoint):
Sandbox: https://controller.sandbox.myoneid.co.uk/.well-known/openid-configuration
Production: https://controller.myoneid.co.uk/.well-known/openid-configuration
Bank Security
Banks (and, more generally, "Payment Service Providers") have to meet standards and rules set by their regulators. For OneID the most relevant rules are the following:
Strong Customer Authentication (SCA) requires that banks provide a robust method of confirming the identity of their customers. This ties in with PSD2 and Open Banking, under which banks must also give customers secure methods of sharing their information with digital services such as OneID.