eIDs
United Kingdom OneID
Learn more about OneID products, scopes, and how to gain access to production.
Triggering OneID
Use acr_values=urn:grn:authn:uk:oneid to trigger OneID authentication.
You must also specify which OneID product to use and which data scopes to request. All OneID scopes must be prefixed with oneid: in your authorization request. For example:
https://YOUR_SUBDOMAIN.criipto.id/oauth2/authorize
?acr_values=urn:grn:authn:uk:oneid
&scope=openid oneid:profile oneid:date_of_birth oneid:product:id_proof
&response_type=code
&client_id=YOUR_CLIENT_ID
&redirect_uri=YOUR_REDIRECT_URI
Products and scopes
OneID is organized into three solution categories, each containing one or more products. Every authentication request must include exactly one product scope to select the product. The product determines which data scopes are available.
Data scopes
| Scope | Description |
|---|---|
oneid:profile | Full name (name, given_name, family_name) |
oneid:date_of_birth | Date of birth (birthdate) |
oneid:address | Residential address |
oneid:email | Email address |
oneid:phone | Phone number |
oneid:age_over_18 | Boolean: user is over 18 |
oneid:age_over_21 | Boolean: user is over 21 |
oneid:age_over_25 | Boolean: user is over 25 |
oneid:accounts | Bank account details |
oneid:accounts.balances | Account balance (requires accounts) |
oneid:fraud | Fraud screening result |
oneid:pep_and_sanctions | PEP and sanctions watchlist screening result |
Products and their supported scopes
| Product | Scope value | Supported Scopes |
|---|---|---|
| Age Products | ||
| Age Verification | oneid:product:age_verification |
|
| Age Assure | oneid:product:age_assure |
|
| Age Check | oneid:product:age_check | openid, oneid:age_over_18 |
| Identity Products | ||
| ID Live | oneid:product:id_live | openid |
| ID Check | oneid:product:id_check | openid, oneid:profile |
| ID Proof | oneid:product:id_proof |
|
| ID Assure | oneid:product:id_assure |
|
| Onboarding Products | ||
| Sign-up | oneid:product:sign_up |
|
| Sign-up Plus | oneid:product:sign_up_plus |
|
| Sign-in | oneid:product:sign_in | openid |
| Sign-in Refresh | oneid:product:sign_in_refresh | openid, oneid:profile, oneid:address, oneid:email, oneid:phone |
Testing
OneID provides a sandbox environment for development and testing. In the sandbox, a model bank simulates a participating bank and offers several test identities, including happy-path users and error scenarios.
To get sandbox access, sign up at the OneID developer portal. You will receive an email with a link to the OneID Console, where you can create an application registration. Login to the OneID Console requires a Google or Microsoft account.
Once you have a sandbox registration, enter your client ID and client secret the eID Providers > One ID section of your Idura Dashboard to start making authentication requests.
Ordering OneID
To start accepting real users with OneID, please contact sales. Once your OneID integration is configured in your Idura tenant, follow the getting ready for production guide.