Overview
This documentation is intended for a technical audience and describes how to integrate with DIP (Digital Identity Provider). DIP implements OIDC4IA (OpenID Connect for Identity Assurance) for secure identity verification.
Note: For an overview of the terms used in this documentation, please see the Glossary.
What is DIP?
DIP (Digital Identity Provider) is an OAuth 2.0 / OpenID Connect authorization server implementing OIDC4IA. It provides secure identity verification and token issuance capabilities with Hardware Security Module (HSM) integration for cryptographic operations.
DIP enables Relying Parties (RPs) to verify end-user identities through document-based verification, returning verified identity claims in a standardized OIDC4IA format.
Key Features
| Feature | Description |
|---|---|
| FAPI 2.0 Compliant | Implements Financial-grade API security profile |
| Pushed Authorization Requests (PAR) | All authorization requests must be pushed to the server first |
| Private Key JWT Authentication | Client authentication using signed JWTs |
| PKCE Required | Proof Key for Code Exchange for all flows |
| Encrypted ID Tokens | ID tokens are signed and encrypted |
| Document Verification | Passport and ID card verification with issuer checks |
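On the RP side, the PAR, Private Key JWT and PKCE rows combine into a single pushed request. The sketch below is an added example, not DIP's own code: the issuer, client ID, redirect URI and throwaway key are constructed placeholders, and ES256 is an assumed signing algorithm (use the one registered for your client).

```javascript
// Added example: RP-side construction of a PAR request body with PKCE and private_key_jwt.
// ISSUER, CLIENT_ID, REDIRECT_URI and the ES256 key are constructed placeholders, not DIP values.
const crypto = require('node:crypto');

const ISSUER = 'https://dip.example';          // placeholder issuer identifier
const CLIENT_ID = 'example-rp';                // placeholder client_id
const REDIRECT_URI = 'https://rp.example/cb';  // placeholder redirect URI

const b64url = (buf) => Buffer.from(buf).toString('base64url');

// PKCE (RFC 7636): random verifier, S256 challenge = BASE64URL(SHA-256(verifier)).
function pkcePair() {
  const verifier = b64url(crypto.randomBytes(32));
  const challenge = b64url(crypto.createHash('sha256').update(verifier).digest());
  return { verifier, challenge };
}

// private_key_jwt (RFC 7523): short-lived, single-use assertion signed with the client's key.
function clientAssertion(privateKey, now = Math.floor(Date.now() / 1000)) {
  const header = { alg: 'ES256', typ: 'JWT' };
  const claims = { iss: CLIENT_ID, sub: CLIENT_ID, aud: ISSUER,
                   jti: crypto.randomUUID(), iat: now, exp: now + 60 };
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  // JWS requires the raw r||s signature encoding, not DER.
  const sig = crypto.sign('sha256', Buffer.from(input),
                          { key: privateKey, dsaEncoding: 'ieee-p1363' });
  return `${input}.${b64url(sig)}`;
}

// Form body for the PAR endpoint (RFC 9126); the endpoint URL comes from server metadata.
function parBody(privateKey) {
  const { verifier, challenge } = pkcePair();
  const body = new URLSearchParams({
    response_type: 'code', client_id: CLIENT_ID, redirect_uri: REDIRECT_URI,
    scope: 'openid', state: b64url(crypto.randomBytes(16)),
    code_challenge: challenge, code_challenge_method: 'S256',
    client_assertion_type: 'urn:ietf:params:oauth:client-assertion-type:jwt-bearer',
    client_assertion: clientAssertion(privateKey),
  });
  return { body, verifier }; // keep the verifier server-side for the token request
}

// Constructed throwaway key pair so the example runs offline.
const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
const demo = parBody(privateKey);
```

The verifier never leaves the RP until the token request, and each assertion carries a fresh `jti` and a 60-second lifetime so a captured request cannot be replayed later.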