Signicat Integration: Security
Ville Häkkinen
Last Update a month ago
HeadQ integrates with Signicat using the OpenID Connect (OIDC) Authorization Code Flow. This flow lets the client application (HeadQ) authenticate and authorize users without exposing sensitive material, such as the ID and access tokens, to the user agent (the browser) or to other environments HeadQ does not control.
This article outlines how we handle security at each stage of the authorization process.
What is the Authorization Code Flow?
The Authorization Code Flow is a two-step OIDC flow between the user, the client (HeadQ), and the OIDC server (Signicat). In the first step the user agent is redirected to Signicat, which authenticates the user and returns a short-lived authorization code; in the second step HeadQ exchanges that code, over a direct back-channel connection, for the tokens that allow access to the user's identity data.
The core advantage of this flow is the separation of the authorization request (front channel, through the browser) from token retrieval (back channel, server to server), which keeps the tokens out of the user agent.
Security Process Overview
The Authorization Code Flow sequence includes:
- User Authentication Request: The user initiates the request to be identified. The order ID is passed as a parameter with the request so that the identification can be matched to the correct order.
- Authentication Request Sent to OIDC Server: HeadQ prepares the authentication request and sends it to the OIDC server.
- End-User Authentication by Authorization Server: The authorization server authenticates the end-user with their credentials. For example, if the client uses the Finnish Trust Network as the identification method, the end-user is shown a list of banks to identify against.
- Authorization Grant Code Requested: The OIDC server processes the authentication and prepares an authorization code.
- End-User Consent Obtained:
  - If consent is denied, authorization is halted and access is denied. The end-user receives an error message at the checkout.
  - If consent is granted, the flow proceeds and the user is redirected back to HeadQ with the authorization code.
- Authorization Code Exchanged at Token Endpoint: HeadQ exchanges the authorization code for tokens at the OIDC server's token endpoint, authenticating itself with its client credentials.
- Token Response: HeadQ receives an ID token, an access token, and optionally a refresh token.
- Token Validation and Access Request: HeadQ validates the ID token, reads the end-user's identifier and claims from it, and requests any further resources on behalf of the user.
After successful identification, the following information is stored in the order as metadata:

| Field name | Example | Description |
|---|---|---|
| name | Onni Juhani Korhonen | Full name of the identified end-user |
| auth_at | 2024-10-28T10:26:43.000Z | Authentication timestamp (UTC) |
| ftn_idp | fi-nordea | Identification provider ID |
| success | true | Boolean value: whether the identification succeeded or not |
How HeadQ Ensures Security at Each Step
Client Authentication: HeadQ authenticates to the OIDC server with a client secret shared with Signicat, so only the registered, trusted client application can redeem an authorization code for tokens. This shared secret is securely stored and managed following industry best practices to prevent exposure. Additionally, HeadQ employs message-level encryption to protect data integrity and confidentiality during communication with the authorization server.
Authorization Code Confidentiality: The authorization code does pass through the user agent, in the redirect back to HeadQ, but it is short-lived, can be redeemed only once, and is useless without the client secret required at the token endpoint. The tokens themselves are never exposed to the user agent, so a malicious application on the user's device cannot obtain them.
Token Endpoint Protection: The exchange of the authorization code for tokens occurs directly between HeadQ and Signicat's token endpoint over TLS, which protects the code, the client secret and the tokens in transit.
Token Validation: Upon receiving the tokens, HeadQ validates the ID token to ensure it was issued by Signicat and is intended for HeadQ's client registration. This validation checks the token signature, the issuer, the audience (HeadQ's client ID), the expiration time, and the subject identifier, which confirms the end-user's identity.
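The exchange described in the flow steps above, the metadata written to the order, and the ID token checks listed under Token Validation, as one added worked example. This is illustration code written for this page, not HeadQ's or Signicat's own implementation: a constructed fake issuer stands in for Signicat and signs ID tokens with HS256 under the client secret (which OIDC permits), whereas a production client verifies Signicat's RS256 tokens against its published JWKS (for example with the PyJWT library). The endpoint URLs, client ID and secret, redirect URI, claim names `idp` and `name`, and the sample user are all assumptions. The example also shows the `state` and `nonce` parameters, which the page does not mention, because they are what binds the callback to the pending order and the ID token to the request.

```python
# Added illustration of the flow above (not HeadQ's or Signicat's code); a constructed
# fake issuer signs ID tokens with HS256 under the client secret, where production
# verifies Signicat's RS256 tokens against its JWKS (e.g. with PyJWT).
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import parse_qs, urlencode, urlparse

ISSUER = "https://signicat.example/auth/open"           # constructed stand-in
CLIENT_ID = "headq-checkout"                             # constructed
CLIENT_SECRET = "example-only-secret"                    # constructed; real one is encrypted at rest
REDIRECT_URI = "https://shop.example/checkout/callback"  # constructed

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()
def b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def sign(h: str, p: str) -> bytes:  # HS256 over header.payload with the client secret
    return hmac.new(CLIENT_SECRET.encode(), f"{h}.{p}".encode(), hashlib.sha256).digest()

# ---- client side (HeadQ) ----
PENDING = {}  # state -> {order_id, nonce}; order binding lives server-side, never in the URL

def build_auth_request(order_id: str) -> str:
    """Steps 1-2. state ties the callback to this order and blocks CSRF;
    nonce ties the ID token to this request and blocks replay."""
    state, nonce = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
    PENDING[state] = {"order_id": order_id, "nonce": nonce}
    params = {"response_type": "code", "client_id": CLIENT_ID, "redirect_uri": REDIRECT_URI,
              "scope": "openid profile", "state": state, "nonce": nonce}
    return f"{ISSUER}/connect/authorize?{urlencode(params)}"

def validate_id_token(token: str, expected_nonce: str, now=None) -> dict:
    """Step 9 (OIDC Core 3.1.3.7): alg, signature, iss, aud, exp, nonce, sub."""
    now = time.time() if now is None else now
    h, p, s = token.split(".")
    if json.loads(b64url_decode(h)).get("alg") != "HS256":   # never accept alg=none
        raise ValueError("unexpected alg")
    if not hmac.compare_digest(sign(h, p), b64url_decode(s)):
        raise ValueError("bad signature")
    c = json.loads(b64url_decode(p))
    aud = c.get("aud") if isinstance(c.get("aud"), list) else [c.get("aud")]
    checks = [(c.get("iss") == ISSUER, "wrong issuer"),
              (CLIENT_ID in aud, "token not intended for this client"),
              (c.get("exp", 0) > now, "token expired"),
              (c.get("nonce") == expected_nonce, "nonce mismatch (replay?)"),
              (bool(c.get("sub")), "missing subject")]
    for ok, reason in checks:
        if not ok:
            raise ValueError(reason)
    return c

def handle_callback(callback_url: str, token_endpoint, now=None):
    """Steps 6-9: check state, redeem the code over the back channel, validate the
    ID token, return (order_id, metadata for the order)."""
    q = parse_qs(urlparse(callback_url).query)
    pending = PENDING.pop(q.get("state", [None])[0], None)   # pop: state is single-use
    if pending is None:
        raise ValueError("unknown or reused state")
    if "error" in q or "code" not in q:     # consent denied: recorded as success=false
        return pending["order_id"], {"success": False, "error": q.get("error", ["no_code"])[0]}
    # Back channel: client secret authenticates HeadQ; the user agent never sees tokens.
    tokens = token_endpoint({"grant_type": "authorization_code", "code": q["code"][0],
                             "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                             "client_secret": CLIENT_SECRET})
    c = validate_id_token(tokens["id_token"], pending["nonce"], now)
    auth_at = time.strftime("%Y-%m-%dT%H:%M:%S.000Z", time.gmtime(c["auth_time"]))
    return pending["order_id"], {"name": c["name"], "auth_at": auth_at,
                                 "ftn_idp": c["idp"], "success": True}

# ---- fake issuer (constructed stand-in for Signicat) ----
ISSUED_CODES = {}

def fake_authorize(auth_url: str, user: dict, consent: bool = True) -> str:
    """Steps 3-5: user authenticates (e.g. picks a bank), then grants or denies consent."""
    q = parse_qs(urlparse(auth_url).query)
    state = q["state"][0]
    if not consent:
        return f"{REDIRECT_URI}?{urlencode({'error': 'access_denied', 'state': state})}"
    code = secrets.token_urlsafe(16)
    ISSUED_CODES[code] = {"nonce": q["nonce"][0], "user": user}
    return f"{REDIRECT_URI}?{urlencode({'code': code, 'state': state})}"

def fake_token_endpoint(form: dict) -> dict:
    """Steps 7-8: client secret plus a single-use code -> ID token and access token."""
    if not hmac.compare_digest(form.get("client_secret", ""), CLIENT_SECRET):
        raise ValueError("client authentication failed")
    grant = ISSUED_CODES.pop(form.get("code"), None)   # pop: a code is redeemable once
    if grant is None or form.get("redirect_uri") != REDIRECT_URI:
        raise ValueError("invalid_grant")
    now = int(time.time())
    claims = {"iss": ISSUER, "aud": CLIENT_ID, "sub": grant["user"]["sub"], "iat": now,
              "exp": now + 300, "auth_time": now, "nonce": grant["nonce"],
              "name": grant["user"]["name"], "idp": grant["user"]["idp"]}
    h = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    p = b64url(json.dumps(claims).encode())
    return {"id_token": f"{h}.{p}.{b64url(sign(h, p))}", "access_token": secrets.token_urlsafe(16)}

SAMPLE_USER = {"sub": "8f3a1c", "name": "Onni Juhani Korhonen", "idp": "fi-nordea"}  # constructed

def run_flow(order_id: str = "order-1001", consent: bool = True):
    """Drive one end-to-end exchange and return what would be written to the order."""
    callback = fake_authorize(build_auth_request(order_id), SAMPLE_USER, consent)
    return handle_callback(callback, fake_token_endpoint)
```

Calling `run_flow()` returns the order ID together with the `name`, `auth_at`, `ftn_idp` and `success` fields from the metadata table; `run_flow(consent=False)` returns `success: False` with the `access_denied` error, which is the case where the checkout shows an error. Two design points worth noting: the order ID is never read back from the callback URL but looked up from the server-side `PENDING` entry keyed by `state`, so a tampered redirect cannot attach an identification to someone else's order; and both the `state` entry and the authorization code are consumed with `pop`, so a replayed callback or a re-redeemed code is rejected rather than silently accepted.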
User Consent and Privacy: HeadQ respects and enforces the end-user's consent decision. No identity data is accessed without the user's explicit consent, so user privacy is safeguarded throughout the authentication process. Additionally, through the integration configuration, you as the store owner control which types of information HeadQ may request during authentication.
All sensitive data, including client secrets and encryption keys, is encrypted at rest in our database using strong, industry-standard encryption algorithms. This keeps these credentials inaccessible to unauthorized users and ensures they are used only for their intended purpose.
By implementing these measures, HeadQ maintains a secure, reliable, and user-centered approach to identity and provides strong customer authentication with Signicat.