GlobaliD App Connect
App Connect is an OAuth2 implementation for the globaliD platform that supports user authentication with conditional verification requirements.
When users onboard through globaliD Connect, they:
1. Either scan a QR code on a desktop browser with their globaliD app, or are routed to the GlobaliD app directly if they are on their mobile phones. If the users do not yet have the GlobaliD mobile application, they are prompted to download it.
- Are guided through the process for requesting any required verifications that they do not yet have attached to their GlobaliD Names. If the users already have the required verifications, they will skip this step.
Are asked to consent to login to your service
Have the option to consent to share any personally identifiable information (PII) associated with the required verifications, if partners need to access it for operational or compliance reasons, and if approved by the globaliD team.
|Users directed to complete required verifications||User has the required verifications and must approve partner app use|
Setting up App Connect
This page describes how developers setup an instance of GlobaliD Connect. To specify that you would like to use App Connect, select the
QR Code method when asked for "User Interaction Method" in the "Connect URLs" configuration section:
A few verifications take some time to review and verify. As an example, Photo ID verifications may take up to 10-20 minutes to verify. In such cases, a given acrc may be created as a delayed verification.
With delayed verifications, a user has the option to return to you application instead of waiting for minutes on the web Connect UI for a verification to complete. This means that a user may return to your application without finishing the set of required verifications. When the verification has been verified, users will receive an SMS message notifying them that the verification is ready for them to review.
When an acrc is a delayed verification and a user returns without completing the set of verifications,
- The URL returned will include the paramter
decoupled_maf_uuid along with an authorization code. When this
decoupled_maf_uuid is present, a user has not finished a delayed verification and has returned to your application before the verification has completed and before they have consented to sharing data with you.
- Your application can use the API endpoint
/v1/consent/command/<decoupled_maf_uuid> to find the status of the given acrc and the status of the delayed verifications.
Once a delayed verification is completed, users receive an SMS notifying them that the verification is complete. They can then return to the web connect UI to approve the verification and continue the authentication process. Upon completion, a user will be redirected to your application with an authorization code, which can successfully be exchanged for an access token.
It is best practice to provide a slightly altered experience for users who return a
decoupled_maf_uuid. We suggest either providing a simple UI component to notify them that your application is awaiting for their verifications to finish, or to provide a limited siged-in experience as you wait for all the verifications to complete and for users to consent sharing the data you need with your application.
In order to enable the Delayed Verification Experience, Partners must provide GlobaliD a
decoupled_maf_redirect_url, which is used to route users to a partner's location of choice when a user is awating the verification to be verified. Additionally, this is required to allow users to receive an SMS during this experience.
Please email email@example.com with your
acrc_id you wish to make decoupled, and your desired
Accessing PII Data
In specific circumstances, gllobliD may grant your application access to retrieve encrypted and verified user Personal Identifiable Information (PII). This will be done by accessing the GlobaliD Vault.
Please visit the GlobaliD Vault page for more information.