Connecting with OpenID Connect (OIDC)

MyDataHelps supports the OpenID Connect (OIDC) standard for verifying the identity of a user. Using this standard, you can redirect users to MyDataHelps.org for login and then receive a signed identity token (a JSON Web Token with identity claims). If the user is already authenticated (using MyDataHelps in the same browser window), they will not need to log in again.

Client Registration

You first need to obtain a Client ID from RKStudio Support. We will require the following information for both the test and production projects:

  • Name of Application/Site.
  • Redirect URI where the OIDC response should be sent. Must be a fully-qualified URI with the HTTPS protocol.
  • Project Name.

Client Libraries

The OIDC specification suggests client libraries for a variety of technology platforms.

Identity Claims

The standard claims are defined by the specification. The “sub” claim will be a stable UUID for the user, and MyDataHelps will return the ParticipantIdentifier separately as the “participantidentifier” claim.

Server Information

You can find the OIDC metadata at the following location: https://mydatahelps.org/identityserver/.well-known/openid-configuration

The OIDC metadata includes a link to the JWKS URI where you can find the public key of the certificate(s) used to sign the identity tokens. Most client libraries support consuming the OIDC metadata and downloading the certificates automatically.
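
An added example (not MyDataHelps or RKStudio code) of what a client library does with the JWKS keys and the identity token: it pins the signature algorithm, selects the key by "kid", verifies the RSA signature, then checks issuer, audience, expiry and nonce. It assumes tokens are signed with RS256 (confirm against id_token_signing_alg_values_supported in the metadata), that the client sent a nonce in its request, and that jwks is the parsed JWKS document; the function and parameter names are hypothetical.

```python
import base64, hashlib, hmac, json, time

# DER DigestInfo prefix for SHA-256 (RFC 8017, EMSA-PKCS1-v1_5)
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def b64u(s):
    """Decode unpadded base64url, as used in JWTs and JWKs."""
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def emsa(signing_input, k):
    """Padded SHA-256 digest an RS256 signature must decrypt to (k-byte modulus)."""
    t = SHA256_PREFIX + hashlib.sha256(signing_input).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def verify_id_token(token, jwks, issuer, client_id, nonce, now=None, leeway=60):
    """Return the claims of a valid RS256 ID token, or raise ValueError."""
    try:
        h64, p64, s64 = token.split(".")
        header, claims = json.loads(b64u(h64)), json.loads(b64u(p64))
        sig = int.from_bytes(b64u(s64), "big")
        if not (isinstance(header, dict) and isinstance(claims, dict)):
            raise TypeError("header and payload must be JSON objects")
    except Exception as exc:
        raise ValueError("malformed token") from exc
    # Assumption: the server signs with RS256. Pin it so the header cannot pick "none" or HMAC.
    if header.get("alg") != "RS256":
        raise ValueError("unexpected alg")
    # Select the signing key from the JWKS document by "kid".
    key = next((k for k in jwks["keys"] if k.get("kty") == "RSA"
                and k.get("kid") == header.get("kid")), None)
    if key is None:
        raise ValueError("no JWKS key matches kid")
    n, e = (int.from_bytes(b64u(key[f]), "big") for f in ("n", "e"))
    size = (n.bit_length() + 7) // 8
    if sig >= n or not hmac.compare_digest(
            pow(sig, e, n).to_bytes(size, "big"), emsa(f"{h64}.{p64}".encode(), size)):
        raise ValueError("bad signature")
    # Claim checks: issuer, audience, expiry, nonce.
    now = time.time() if now is None else now
    aud, exp = claims.get("aud"), claims.get("exp")
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if not isinstance(exp, (int, float)) or exp + leeway < now:
        raise ValueError("expired")
    if not hmac.compare_digest(str(claims.get("nonce")).encode(), nonce.encode()):
        raise ValueError("nonce mismatch")
    return claims
```

Pass the "issuer" value from the OIDC metadata and your registered Client ID, and read “sub” and “participantidentifier” only from the dictionary this function returns.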