Connecting with OpenID Connect (OIDC)
MyDataHelps supports the OpenID Connect (OIDC) standard for verifying the identity of a user. Using this standard, you can redirect users to MyDataHelps.org for login and then receive a signed identity token (a JSON Web Token with identity claims). If the user is already authenticated (using MyDataHelps in the same browser window), they will not need to log in again.
Client Registration
You first need to obtain a Client ID from MyDataHelps Support. We will require the following information for both the test and production projects:
- Name of Application/Site.
- Redirect URI where the OIDC response should be sent. Must be a fully-qualified URI with the HTTPS protocol.
- Project Name.
Client Libraries
The OIDC specification suggests client libraries for a variety of technology platforms.
Identity Claims
When you redirect to the OIDC server for authorization, you will use OIDC scopes to specify what access your app needs. The MyDataHelps OIDC authorization supports the standard scopes and claims defined by the specification. The ones you will commonly use include:
| Scope | Description |
| --- | --- |
| openid | Basic OIDC user attributes. (required) |
| profile | User profile information, such as first and last name. |
| email | User email attributes. |
Below are some notes explaining how the standard identity claims relate to MyDataHelps user properties:
| Claim | From Scope | Description |
| --- | --- | --- |
| sub | openid | A stable UUID for the user. |
| participantidentifier | openid | The participant identifier associated with the user. |
| email | email | The user’s email address. |
| email_verified | email | Whether the user has verified their email. |
You can find the OIDC metadata at the following location: https://mydatahelps.org/identityserver/.well-known/openid-configuration
The OIDC metadata includes a link to the JWKS URI where you can find the public key of the certificate(s) used to sign the identity tokens. Most client libraries support consuming the OIDC metadata and downloading the certificates automatically.
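The check that a client library performs with the JWKS keys, written out as an added example (not MyDataHelps code) using only the Python standard library: it verifies the identity token's signature against a JWKS document, then checks issuer, audience, expiry and nonce. RS256 signing, a `nonce` sent in the authorization request, and an `issuer` value read from the metadata's `issuer` field are assumptions; the page does not state them.

```python
import base64, hashlib, json, time

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2, note 1).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_int(text):
    return int.from_bytes(b64url_decode(text), "big")

def verify_id_token(token, jwks, issuer, client_id, nonce, now=None):
    """Return the claims only if signature and identity checks all pass."""
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    # Pin the algorithm (assumed RS256) so the token cannot pick "none" or HS256.
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    # Pick the signing key by key ID from the downloaded JWKS document.
    key = next((k for k in jwks["keys"] if k.get("kty") == "RSA"
                and k.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("no JWKS key matches the token's kid")
    n, e = b64url_int(key["n"]), b64url_int(key["e"])
    size = (n.bit_length() + 7) // 8
    sig = b64url_decode(sig_b64)
    if len(sig) != size or int.from_bytes(sig, "big") >= n:
        raise ValueError("malformed signature")
    # RSASSA-PKCS1-v1_5: rebuild the full expected padding and compare exactly.
    digest = hashlib.sha256(f"{header_b64}.{payload_b64}".encode()).digest()
    tail = b"\x00" + SHA256_PREFIX + digest
    expected = b"\x00\x01" + b"\xff" * (size - len(tail) - 2) + tail
    if pow(int.from_bytes(sig, "big"), e, n).to_bytes(size, "big") != expected:
        raise ValueError("bad signature")
    claims = json.loads(b64url_decode(payload_b64))
    aud = claims.get("aud")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("token was issued to a different client")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("token expired")
    if claims.get("nonce") != nonce:
        raise ValueError("nonce mismatch")
    return claims
```

Only after this function returns should the application trust `sub`, `participantidentifier` or `email` from the token.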