GlobaliD Web Connect
GlobaliD Web Connect is a web-based implementation you may use to authenticate and authorize users without requiring the download of the GlobaliD app. Like GlobaliD App Connect, Web Connect allows users to securely sign up for your product or service, verify aspects of their identity, consent to share their personally identifiable information (PII), and log in securely. Developers interface with it through standard Oauth 2.0 protocols. Unlike GlobaliD Connect, the Web Connect flow is accessed through a browser which users can be redirected to, and thus can also be presented in a UI Web View interface in a mobile application.
When users onboard through Web Connect, they:
Visit your website or mobile application, which redirects them to Web Connect. You can invoke this in the current tab users are working on, a new tab, or a popup window.
Are guided through the process of registering for a GlobaliD Name, selecting a password, and completing necessary required verifications. If users have previously completed the set of required verifications, they will skip this step.
Consent to share required personal data with you upon successful verification, if they have not done so yet.
Are returned to a previously-specified whitelisted redirect URLto continue their experience on your website or mobile application as an authorized user.
|Users directed to complete required verifications||User has the required verifications and must approve partner app use|
Setting up the Web Connect
This page describes how developers setup an instance of GlobaliD Connect. To specify that you would like to use Web Connect, select the
WebClient method when asked for "User Interaction Method" in the "Connect URLs" configuration section:
A few verifications take some time to review and verify. As an example, Photo ID verifications may take up to 10-20 minutes to verify. In such cases, a given acrc may be created as a delayed verification.
With delayed verifications, a user has the option to return to you application instead of waiting for minutes on the web Connect UI for a verification to complete. This means that a user may return to your application without finishing the set of required verifications. When the verification has been verified, users will receive an SMS message notifying them that the verification is ready for them to review.
When an acrc is a delayed verification and a user returns without completing the set of verifications,
- The URL returned will include the paramter
decoupled_maf_uuid along with an authorization code. When this
decoupled_maf_uuid is present, a user has not finished a delayed verification and has returned to your application before the verification has completed and before they have consented to sharing data with you.
- Your application can use the API endpoint
/v1/consent/command/<decoupled_maf_uuid> to find the status of the given acrc and the status of the delayed verifications.
Once a delayed verification is completed, users receive an SMS notifying them that the verification is complete. They can then return to the web connect UI to approve the verification and continue the authentication process. Upon completion, a user will be redirected to your application with an authorization code, which can successfully be exchanged for an access token.
It is best practice to provide a slightly altered experience for users who return a
decoupled_maf_uuid. We suggest either providing a simple UI component to notify them that your application is awaiting for their verifications to finish, or to provide a limited siged-in experience as you wait for all the verifications to complete and for users to consent sharing the data you need with your application.
In order to enable the Delayed Verification Experience, Partners must provide GlobaliD a
decoupled_maf_redirect_url, which is used to route users to a partner's location of choice when a user is awating the verification to be verified. Additionally, this is required to allow users to receive an SMS during this experience.
Please email firstname.lastname@example.org with your
acrc_id you wish to make decoupled, and your desired
Accessing PII Data
In specific circumstances, gllobliD may grant your application access to retrieve encrypted and verified user Personal Identifiable Information (PII). This will be done by accessing the GlobaliD Vault.
Please visit the GlobaliD Vault page for more information.