# Generic OpenID Connect Integration with VerifEye

This guide walks you through setting up VerifEye as a generic OpenID Connect (OIDC) provider, enabling you to use VerifEye's biometric verification as an authentication factor in any OIDC-compliant identity provider or application.


# Prerequisites

Before configuring your identity provider, ensure you have:

  • A VerifEye account and API key
  • Admin access to your identity provider or application
  • Understanding of the OpenID Connect flow
  • A verification configuration set up for OIDC integration (see below)

# Configuring the VerifEye Verification

To integrate VerifEye with any OIDC-compliant system, create a VerifEye verification configuration that will be used as the OIDC provider.

You can create a new verification configuration in the VerifEye Developer Console under Verification Configurations, then apply the settings in the steps below. Make sure to note the configuration ID and API key, as you will need these for the identity provider setup.

# 1. Basic Settings

When creating the verification configuration, set the following basic settings:

| Field | Value |
| --- | --- |
| Name | Generic OIDC Verification |
| Passed URL | Set the OpenID Connect endpoints depending on your VerifEye region, for example for the EU region: https://verifeye-oidc-eu.realeyes.ai/v1/openid/verify-result |
| Failed URL | Set the OpenID Connect endpoints depending on your VerifEye region, for example for the EU region: https://verifeye-oidc-eu.realeyes.ai/v1/openid/verify-result |

# 2. Verifier Configuration

For the OIDC integration, you must configure the verification configuration to include the following settings:

  • Face Recognition
    • Unique Match Verification: one person can be registered only once in the system. If the same person tries to register again with a different identifier (email address), the verification will fail.
    • Match Verification: one person can be registered multiple times in the system. If the same person tries to register again with a different identifier (email address), the verification will pass.

Additionally, you can configure other settings such as liveness detection, age, or gender verification.

# 3. Advanced Settings

For the OIDC integration, you must also configure the following advanced settings:

  • Include Signature: enabled
  • Include Verification Result: enabled
  • Include Custom Input Parameters: enabled
  • Force Signed Input: enabled

# OIDC Provider Configuration Details

When configuring VerifEye as an OpenID Connect provider in your identity provider or application, use the following values:

# Required Configuration Values

| Parameter | Value |
| --- | --- |
| Client ID | Your VerifEye verification configuration ID, found at the end of your verification URL. For example, if your verification URL is https://verifeye-service-eu.realeyes.ai/verification/e4fc930b-d780-47e3-ae4c-0d5d2f22e54e, the ID is e4fc930b-d780-47e3-ae4c-0d5d2f22e54e |
| Client Secret | Your VerifEye API Key, which can be found in the VerifEye Console under Settings > Account Information |
| Scopes | openid email |

# Regional Endpoints

Configure the OpenID Connect endpoints based on your VerifEye region:

# EU Region

| Endpoint | URL |
| --- | --- |
| Issuer URL | https://verifeye-oidc-eu.realeyes.ai |
| Authorization URL | https://verifeye-oidc-eu.realeyes.ai/v1/openid/authorize |
| Token URL | https://verifeye-oidc-eu.realeyes.ai/v1/openid/token |
| JWKS URL | https://verifeye-oidc-eu.realeyes.ai/v1/openid/jwks |

# US Region

| Endpoint | URL |
| --- | --- |
| Issuer URL | https://verifeye-oidc-us.realeyes.ai |
| Authorization URL | https://verifeye-oidc-us.realeyes.ai/v1/openid/authorize |
| Token URL | https://verifeye-oidc-us.realeyes.ai/v1/openid/token |
| JWKS URL | https://verifeye-oidc-us.realeyes.ai/v1/openid/jwks |

# Authentication Flow

The VerifEye OIDC service follows the standard OAuth 2.0/OpenID Connect authorization code flow:

  1. The user attempts to authenticate with your application
  2. The application redirects the user to the VerifEye authorization endpoint
  3. The user completes biometric verification using your configured verification settings
  4. Upon successful verification, the user is redirected back to your application with an authorization code
  5. Your application exchanges the authorization code for access and ID tokens
  6. User authentication is complete
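
The client-side checks that steps 2, 4 and 5 of this flow depend on, as an added example that is not VerifEye's own code. It uses the EU issuer and scopes from this page; the query parameter names are the standard OIDC ones (assumed, not listed on this page), the redirect URI is hypothetical, and the ID token signature is assumed to have been verified against the JWKS URL before `check_id_token_claims` is called.

```python
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://verifeye-oidc-eu.realeyes.ai"  # EU issuer from this page


def _same(a, b):
    # Constant-time comparison of two strings.
    return hmac.compare_digest(str(a).encode(), str(b).encode())


def build_authorization_request(client_id, redirect_uri):
    """Return (url, state, nonce); store state and nonce in the user's session."""
    state = secrets.token_urlsafe(32)  # ties the callback to this session
    nonce = secrets.token_urlsafe(32)  # ties the ID token to this request
    query = urlencode({
        "response_type": "code",  # authorization code flow (standard OIDC name)
        "client_id": client_id,  # VerifEye verification configuration ID
        "redirect_uri": redirect_uri,  # hypothetical; use your registered URI
        "scope": "openid email",  # scopes listed on this page
        "state": state,
        "nonce": nonce,
    })
    return f"{ISSUER}/v1/openid/authorize?{query}", state, nonce


def code_from_callback(callback_url, expected_state):
    """Return the authorization code, rejecting callbacks from another session."""
    params = parse_qs(urlparse(callback_url).query)
    if not _same(params.get("state", [""])[0], expected_state):
        raise ValueError("state mismatch")
    if "error" in params or "code" not in params:
        raise ValueError("authorization failed or no code returned")
    return params["code"][0]


def check_id_token_claims(claims, client_id, expected_nonce, now=None):
    """Check claims of an ID token whose signature was already verified (JWKS URL)."""
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token issued for a different client")
    if not _same(claims.get("nonce", ""), expected_nonce):
        raise ValueError("nonce mismatch")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    return claims.get("email")
```

For the US region, replace `ISSUER` with the US issuer URL so that tokens from the other region are rejected.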