Prerequisites for Using OAuth 2.0 with HIN eID
This chapter describes the prerequisites for a successful implementation of OAuth 2.0 with HIN eID: the technical, security-related, and functional requirements that must be met to use OAuth 2.0 with HIN.
What is Required for Integration with OAuth?
To access a protected application, a HIN ID is required:
- In the Authorization Code Flow, access is granted on behalf of a user who has authenticated with their HIN ID.
- In the Client Credentials Flow, a technical user is used, and a HIN ID is issued for that technical user.
Additionally, a Client ID issued by HIN Support is required. For the Client Credentials Flow, a Client Secret is needed, which can be generated on apps.hin.ch.
Tabular Overview of Prerequisites
| Requirements | Authorization Code Flow | Client Credentials Flow |
|---|---|---|
| User Interaction | Yes, user must log in and grant access | No, no user interaction required |
| Client ID | Yes, to identify the application | Yes, to identify the application |
| Client Secret | Created and provided by HIN | Must be generated via apps.hin.ch |
| Authorization Code | Yes, received after user login | No, not used |
| Redirect URI | Yes, URL for redirecting with Access Code | No, not required |
| Access Token | Yes, after exchanging the authorization code | Yes, directly after requesting with client_credentials |
| State | Must be provided, content is irrelevant | Must be provided, content is irrelevant |
| Grant Type | authorization_code (Authorization Code Flow) | client_credentials (Application access without user) |
| Token Group | Yes, always required | Yes, always required |
| Nevis Role | Yes, always required | Yes, always required |
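
The table only requires that a State value be present, so a client in the Authorization Code Flow can fill it with a random per-session value and check it when the user is redirected back, which ties the returned authorization code to the session that started the login. The sketch below is an added example, not HIN's code: the endpoint URL, Client ID and Redirect URI are placeholders, the parameter names are the standard OAuth 2.0 ones, and Token Group and Nevis Role are left out because this page does not say how they are transmitted.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

# Placeholders (assumptions): this page does not give the real values.
AUTHORIZE_ENDPOINT = "https://auth.example.invalid/authorize"
CLIENT_ID = "EXAMPLE_CLIENT_ID"
REDIRECT_URI = "https://app.example.invalid/callback"


def build_authorization_request(session: dict) -> str:
    """Create the authorization URL and remember the state in the user's session."""
    state = secrets.token_urlsafe(32)  # unpredictable, used once
    session["oauth_state"] = state
    query = urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "state": state,
    })
    return f"{AUTHORIZE_ENDPOINT}?{query}"


def handle_redirect(session: dict, callback_url: str) -> str:
    """Return the authorization code only if the state matches this session."""
    params = parse_qs(urlsplit(callback_url).query)
    expected = session.pop("oauth_state", None)  # consume it: no replay
    received = params.get("state", [])
    codes = params.get("code", [])
    if expected is None or len(received) != 1 or len(codes) != 1:
        raise ValueError("missing or duplicated state/code")
    # Constant-time comparison of the stored and returned state values.
    if not hmac.compare_digest(expected.encode(), received[0].encode()):
        raise ValueError("state mismatch: redirect does not belong to this session")
    return codes[0]
```

Only after `handle_redirect` returns should the code be exchanged for an Access Token with the `authorization_code` grant type.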