Frequently Asked Questions

Common Questions

How can I resolve the error “Invalid Callback Registered callback does not match with the provided url”?

This error occurs mainly for two reasons:

  1. The callback provided and the one sent in the call must be exactly the same: same protocol (https) and same path (including "/" characters). Check whether there is a mismatch
  2. Each credential is matched with one (or more) callback URLs. Check that the credentials sent are the right ones

How can I add the user's mobile information to the response received from CIAM?

By default, the only information retrieved from CIAM for a user is the first name and last name. If you need to retrieve more information, write to a CIAM administrator to have the requested information added to the application

How can I generate the ciam-access-token requested in the provisioning API?

The ciam-access-token is not a fixed token: it is generated after a successful login on CIAM following the authorization code flow (with or without the PKCE flow, depending on the implementation)

How can I resolve a 400 error code returned by the provisioning API?

If the API returns the 400 error code without any explanation, make sure that the request contains the header Content-Type: application/json

How can the front-end make the authorization flow calls with PKCE?

Here is an example of how to implement the PKCE flow from the front-end in JavaScript without using any library
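
An added example (not CIAM's own code) of the front-end PKCE steps in plain JavaScript with the Web Crypto API: it creates the code_verifier and S256 code_challenge, builds the authorization request, and checks state on the callback before building the token request. The endpoint URL, client_id, scope and the cfg field names are assumptions; use the values from your own CIAM application registration.

```javascript
// Added example: PKCE (RFC 7636, S256) without libraries. All `cfg` values are placeholders (assumptions).
const webCrypto = globalThis.crypto ||
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined); // fallback for older Node

// Base64url without padding, the encoding used for code_verifier and code_challenge.
function base64url(bytes) {
  return btoa(String.fromCharCode(...bytes))
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// 32 random bytes -> 43-character value (used for both code_verifier and state).
function randomToken() {
  return base64url(webCrypto.getRandomValues(new Uint8Array(32)));
}

// code_challenge = BASE64URL(SHA-256(ASCII(code_verifier)))
async function challengeFor(verifier) {
  const digest = await webCrypto.subtle.digest('SHA-256', new TextEncoder().encode(verifier));
  return base64url(new Uint8Array(digest));
}

// Step 1: build the redirect URL. The caller keeps verifier and state (e.g. sessionStorage) until the callback.
async function buildAuthorizationRequest(cfg) {
  const verifier = randomToken();
  const state = randomToken();
  const url = new URL(cfg.authorizeEndpoint);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: cfg.clientId,
    redirect_uri: cfg.redirectUri, // must equal the registered callback exactly
    scope: cfg.scope,
    state,
    code_challenge: await challengeFor(verifier),
    code_challenge_method: 'S256',
  }).toString();
  return { url: url.toString(), verifier, state };
}

// Step 2: on the callback, check state before using the code, then build the token request body.
function buildTokenRequest(cfg, callbackUrl, expectedState, verifier) {
  const params = new URL(callbackUrl).searchParams;
  if (params.get('error')) throw new Error('authorization failed: ' + params.get('error'));
  if (!params.get('code') || params.get('state') !== expectedState) throw new Error('state mismatch or missing code');
  return new URLSearchParams({
    grant_type: 'authorization_code', code: params.get('code'),
    redirect_uri: cfg.redirectUri, client_id: cfg.clientId, code_verifier: verifier,
  });
}
```

The returned body is sent to the token endpoint as application/x-www-form-urlencoded, and the same redirect_uri is used in both steps.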

Is it possible to customize the login page or to have more specific rules for my application (e.g. password policies, email templates, events sent by email, etc.)?

As the CIAM is an independent platform used as an identity provider, it is not possible to have specific rules for an application

OpenID Questions

What problem does OpenID Connect solve?

It lets app and site developers authenticate users without taking on the responsibility of storing and managing passwords in the face of an Internet that is well-populated with people trying to compromise your users’ accounts for their own gain

What is OAuth 2.0 and how does it relate to OpenID Connect?

OAuth 2.0 is a framework, specified by the IETF in RFCs 6749 and 6750 (published in 2012), designed to support the development of authentication and authorization protocols. It provides a variety of standardized message flows based on JSON and HTTP; OpenID Connect uses these to provide identity services

Where can I find code implementing CIAM and OpenID Connect?

The Login Workflows page lists xxxx in a number of different languages that implement OpenID Connect and related specifications

Where can I find more information on OpenID Connect?

ref links:

Why should I use OpenID Connect?

Because it’s easy, reliable, secure, and lets you get out of the difficult and dangerous business of storing and managing other people’s passwords. There is the added benefit that it also makes users’ lives easier during sign-up and registration, thus reducing site abandonment

How does it improve security?

Public-key-encryption-based authentication frameworks like OpenID Connect (and its predecessors) globally increase the security of the whole Internet by putting the responsibility for user identity verification in the hands of the most expert service providers. Compared to its predecessors, OpenID Connect is dramatically easier to implement and integrate and can expect to receive much wider adoption

How does OpenID Connect relate to SAML?

The Security Assertion Markup Language (SAML) is an XML-based federation technology used in some enterprise and academic use cases. OpenID Connect can satisfy these same use cases but with a simpler, JSON/REST based protocol. OpenID Connect was designed to also support native apps and mobile applications, whereas SAML was designed only for Web-based applications. SAML and OpenID Connect will likely coexist for quite some time, with each being deployed in situations where they make sense

Grant Flows Questions