OpenID as a service
Becoming an OpenID provider enables you to safely leverage your existing user base and allows your users to easily sign-in on your partners' sites by using their existing accounts.
You will be able to quickly deploy your own authentication connector just like the most widely used identity providers (Facebook, Google, Apple …). It also allows you to securely share authorized users' information with your partners.
Here’s a quick demo down below:
Allow the consent callback URL on the first party client you use for the Hosted pages.
Allowed Callback URLs:
In, select + New Client.
Enter the client name.
The name of the ReachFive client and account appear on the consents hosted page.
Client type, select
Upload a logo to be displayed on the consent page.
Website URL, define the logo link
The logo and Website URL parameters are mandatory.
Add the scopes based on grants to collect.
All scopes which are requested appear on the consent page and must be authorized by the user, except
The display name is the scope name: to display
View your Immatriculation, the scope name must be
Token Endpoint Authentication Method, select the method you will use for your authentication process.
Consider an identity provider We Retail (first-party site) and the partner We Airline (third-party site).
To start an OaaS flow, call /oauth/authorize from your website with a third-party client:
https://YOUR_DOMAIN/oauth/authorize? client_id=YOUR_CLIENT_ID& scope=openid%20email%20phone%20profile& redirect_uri=REDIRECT_URI& response_type=id_token
Users are automatically redirected to the Authentication Hosted Page to log in.
Users with an active session will be automatically redirected to the consent page.
After logging in, users are redirected to the consent page where they can grant authorization to the third-party site for the requested scopes.
The name of the ReachFive client and account configured on the third-party client appear on the consents hosted page. The background and the primary colour are inherited from the login hosted page configuration.
Users are then logged in and redirected to the initial