General guidelines

Use this scenario for backend applications secured by an existing OIDC-compliant service provider (e.g., Keycloak, Auth0, Okta) that acts as an intermediary between your application and Visual Passcodes. Your application will typically not interact directly with Visual Passcodes; instead, your OIDC provider handles the communication.

Prerequisites:

  • You have an existing OIDC-compliant service provider that acts as the identity broker for your applications.
  • You must register your service provider (not your individual application) with our Visual Passcodes service to obtain a client_id and client_secret for this integration. The client type for this registration will be Confidential.

Integration Steps:

The integration focuses on configuring your existing OIDC provider to delegate authentication to Visual Passcodes. Your application code will not need to change, as it continues to trust and communicate only with your existing service provider.

  1. Add Visual Passcodes as an Upstream Identity Provider: In your existing service provider's admin console, add our Visual Passcodes service as a new external OpenID Connect identity provider. This feature is sometimes called an "Identity Provider" or an "Enterprise Connection."
  2. Configure the Connection:
    • Use our discovery endpoint (https://your-server.com/api/oidc/{tenant_id}/.well-known/openid-configuration) to automatically populate most of the required fields within your OIDC provider's configuration.
    • You will need to manually enter the client_id and client_secret you obtained from Visual Passcodes during the registration of your service provider.
    • Example (Keycloak): In your realm, navigate to Identity Providers. Select OpenID Connect v1.0 from the list. On the configuration page, paste our discovery endpoint URL into the "Import from URL" field. Fill in the Client ID and Client Secret we provided.
    • Example (Auth0): Navigate to Authentication > Enterprise. Choose OpenID Connect and click Create Connection. Fill in the connection details, including the Issuer URL (from our discovery document), Client ID, and Client Secret.
  3. Enable for Your Application: Enable the newly configured identity provider connection for your client application(s) within your service provider's dashboard.
  4. Authentication Flow: When users log in to your application, they will see an option (or be automatically redirected, depending on your OIDC provider's setup) to authenticate using the Visual Passcodes service. Your OIDC provider (e.g., Keycloak/Auth0) will manage the entire OIDC flow with Visual Passcodes. After Visual Passcodes successfully authenticates the user and returns tokens to your OIDC provider, your provider will establish a session and issue its own tokens to your application, as it normally would.
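
Before importing the discovery document in step 2, it is worth checking that it describes the tenant you registered. The following is an added example, not code from Visual Passcodes: it checks the issuer against the discovery URL, requires HTTPS endpoints, and confirms the authorization code flow and a client_secret method are available. The tenant id, the endpoint paths and the same-host rule are assumptions made for illustration.

```python
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")

def check_discovery(discovery_url, doc):
    """Return a list of problems found in an OIDC discovery document."""
    problems = []
    if not discovery_url.endswith(WELL_KNOWN):
        return ["discovery URL does not end with " + WELL_KNOWN]
    # OIDC Discovery: the issuer must be the discovery URL without the suffix.
    expected_issuer = discovery_url[: -len(WELL_KNOWN)]
    if str(doc.get("issuer", "")).rstrip("/") != expected_issuer:
        problems.append("issuer does not match discovery URL")
    host = urlsplit(discovery_url).hostname
    for key in ENDPOINT_KEYS:
        value = doc.get(key)
        if not value:
            problems.append(f"{key} missing")
            continue
        parts = urlsplit(value)
        if parts.scheme != "https":
            problems.append(f"{key} is not https")
        # Assumption: every endpoint lives on the discovery host; review any other.
        if parts.hostname != host:
            problems.append(f"{key} is on a different host")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("response type 'code' not advertised")
    # When the field is omitted, the spec default is client_secret_basic.
    methods = doc.get("token_endpoint_auth_methods_supported", ["client_secret_basic"])
    if not {"client_secret_basic", "client_secret_post"} & set(methods):
        problems.append("no client_secret method for a Confidential client")
    return problems

# Constructed sample: tenant id and endpoint paths are placeholders.
BASE = "https://your-server.com/api/oidc/example-tenant"
DISCOVERY_URL = BASE + WELL_KNOWN
GOOD_DOC = {
    "issuer": BASE,
    "authorization_endpoint": BASE + "/authorize",
    "token_endpoint": BASE + "/token",
    "jwks_uri": BASE + "/jwks",
    "response_types_supported": ["code"],
}
# Constructed bad case: issuer of another tenant and a plaintext token endpoint.
BAD_DOC = dict(GOOD_DOC, issuer="https://your-server.com/api/oidc/other-tenant",
               token_endpoint="http://your-server.com/api/oidc/example-tenant/token")

if __name__ == "__main__":
    print(check_discovery(DISCOVERY_URL, BAD_DOC))
```

In practice, load the JSON fetched from your tenant's discovery endpoint and pass it in place of the constructed sample; an empty list means none of these checks failed.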