Process
- A third-party application wants to access a HIN-protected resource (ACS application) on behalf of a HIN identity.
- If the third-party application holds no token for the corresponding HIN identity, the browser must be redirected to apps.hin.ch. The accessing user must log in to apps.hin.ch using two-factor authentication (e.g., HIN Client). The web application then presents the user with an Auth Code.
- The user transfers the Auth Code to the third-party application. Various mechanisms are used for this (see chapter "Obtaining and Using Auth Code"):
  - Copy/paste of the Auth Code or photographing a QR code
  - Direct transmission via HTTPS or protocol handler
- With the Auth Code, the third-party application can obtain the Access Token.
- With the Access Token, access to the protected resource is possible on behalf of the user's HIN identity.