Overview
A brief introduction for the Trust1Authentication Service
Introduction
The T1Authentication service, hosted by Trust1Team, is an authentication page which can be used to authenticate users to your application using:
smart cards, tokens or other hardware identity means
Smart-ID mobile app
The service is a web layer on top of the Trust1Connector that enables smart token interactions with a local device. The concept enforced by using the Trust1Connector is a decentralized identity broker which is solely in the control of the end user, the user of your web application.
Benefits when using the Trust1Authentication service:
very quick and easy integration (see further and try it out)
dynamically configurable means (ways for a user to authenticate)
detailed report for certificate validation
no need to dive into detailed security implementation in a complex domain
dynamic branding with customizable authentication flows
low-cost and maintained externally
User Interaction Flow
The Relying Party can opt in to multiple authentication means. Examples of authentication means are:
'beid': use the Belgian eID smart card for authentication
'smart-id': use the SmartID mobile application for user authentication
Depending on the allowed authentication means, the user is redirected to the authentication page. The authentication flow is summarized in the image below:
The steps for a user Authentication are:
Verify phone
Verify secret (OTP)
[Optional] Select authentication means
Identify
Authentication
After a successful user authentication, the user is redirected back to the Relying Party application. When the Relying Party has initially provided a webhook, an HTTP POST request is sent to the application prior to the user redirect.
The POST request contains the following information:
result status
session context (RP application parameters, correlation ID)
session tracker information (process step results, tracing information)
validation report (JSON formatted report of the certificate validation)
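Because the webhook POST arrives before the user redirect, the Relying Party can treat it as the authoritative result and bind it to a session it started itself. The following is an added example, not code from Trust1Team or this page; the JSON field names ("status", "context", "correlationId", "validationReport", "valid") and the "SUCCESS" value are assumptions standing in for the real schema, and it covers only correlation-ID binding, not how the POST itself is authenticated.

```python
import json
import secrets
import time

# Field names and the "SUCCESS" value are assumptions for illustration;
# take the real ones from the service's API reference.
SESSION_TTL_SECONDS = 600


class PendingSessions:
    """Tracks authentication sessions the Relying Party started itself."""

    def __init__(self):
        self._pending = {}    # correlation ID -> expiry timestamp
        self._completed = {}  # correlation ID -> accepted webhook payload

    def start(self, now=None):
        """Create an unguessable correlation ID before redirecting the user."""
        now = time.time() if now is None else now
        cid = secrets.token_urlsafe(32)
        self._pending[cid] = now + SESSION_TTL_SECONDS
        return cid

    def handle_webhook(self, raw_body, now=None):
        """Return (http_status, reason) for one webhook POST body."""
        now = time.time() if now is None else now
        try:
            payload = json.loads(raw_body)
            cid = payload["context"]["correlationId"]
        except (ValueError, KeyError, TypeError):
            return 400, "malformed"
        # pop() makes each correlation ID single-use, so a replayed POST is rejected.
        expiry = self._pending.pop(cid, None) if isinstance(cid, str) else None
        if expiry is None:
            return 404, "unknown or already used correlation ID"
        if now > expiry:
            return 410, "session expired"
        report = payload.get("validationReport")
        trusted = isinstance(report, dict) and report.get("valid") is True
        if payload.get("status") != "SUCCESS" or not trusted:
            return 200, "authentication not accepted"
        self._completed[cid] = payload
        return 200, "accepted"

    def is_authenticated(self, cid):
        """Checked when the user returns; the redirect alone proves nothing."""
        return cid in self._completed
```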