tuidd allows users to access your sites or applications more securely and without entering passwords, using their phone as the means of authentication.
The authentication process is performed with tuidd Log-in, a tool based on the OAuth2 and OpenID standards.
To use this service, you need to integrate the tuidd Log-in button on your site, which is provided in the SDKs available for download.
When a user registers on your site through tuidd, a unique identifier called the PCR is generated. This identifier must be kept linked to the user in your system.
When a user clicks that button to enter your site, a notification is sent to their phone asking them to confirm the action. Once the user accepts on their phone, they are granted access to your site.
Depending on the security requirements of your site, the user can confirm with a single tap, by entering a PIN, by presenting their fingerprint, or through another available biometric mechanism. Note: the user's PIN or biometric information never travels over the network.
This mechanism also serves to request express authorizations from the user, such as accepting charges, terms and conditions, etc.
Keep in mind that this service does not generate any type of cost. For more information, consult the service's Terms and Conditions.
The Authorization flow is briefly described below:
1. The user clicks the tuidd Log-in button integrated in your site, and an authorization request is made to the tuidd server, passing the user data being requested and the LoA (level of assurance, i.e. the security level) required for the operation.
2. According to the required security level, tuidd selects the appropriate authentication method and sends the user a request for authentication and authorization.
3. The user agrees to share the data requested by the Provider, and is authenticated.
4. The tuidd server sends an Access Code to the Provider's server.
5. The Provider system uses the Access Code to obtain a tuidd Access Token.
6. tuidd validates the Access Code and returns an Access Token. It also returns, within a JWT, the PCR (the user's unique identifier) and context information, for example how and when the authentication was performed and when it expires.
7. Optionally, if required, the Provider can use the Access Token to request from tuidd the personal data that the user agreed to share.
8. Finally, the Provider grants the user access to its platform.
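The Provider-side checks behind steps 6 to 8, plus the PCR linking described earlier, as an added example that is not tuidd's SDK code: the JWT's algorithm, signature, issuer, audience, validity window and LoA are verified before the PCR is trusted, and the PCR is then bound to exactly one local account. The claim names `pcr`, `loa` and `auth_time`, and an HS256 shared-secret signature so the example runs offline, are assumptions; the real algorithm and claim names come from the tuidd SDK.

```python
import base64, hashlib, hmac, json, time

def _b64url(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def verify_tuidd_jwt(token, key, issuer, audience, required_loa, now=None):
    """Step 6: validate the JWT that accompanies the Access Token before trusting the PCR.
    Claim names 'pcr', 'loa', 'auth_time' and the HS256 shared-secret signature are
    assumptions for this offline example; take the real names and algorithm from the SDK."""
    now = time.time() if now is None else now
    h_b64, p_b64, sig_b64 = token.split(".")  # ValueError on a malformed token
    header = json.loads(_b64url_decode(h_b64))
    if header.get("alg") != "HS256":  # pin the algorithm: never accept 'none' or a surprise alg
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(p_b64))
    aud = claims.get("aud")
    if claims.get("iss") != issuer or not (aud == audience or (isinstance(aud, list) and audience in aud)):
        raise ValueError("wrong issuer or audience")
    if now >= claims.get("exp", 0) or now < claims.get("nbf", 0):
        raise ValueError("token expired or not yet valid")
    if int(claims.get("loa", 0)) < required_loa:  # the authentication must meet the LoA you asked for
        raise ValueError("authentication did not meet the required LoA")
    if not claims.get("pcr"):
        raise ValueError("missing PCR")
    return {"pcr": claims["pcr"], "loa": int(claims["loa"]), "auth_time": claims.get("auth_time")}

def link_pcr(user_store, local_user_id, pcr):
    """Keep the PCR linked to the local user, as the text requires; refuse to bind one PCR
    to two different accounts, which would let one tuidd identity log in as another user."""
    owner = user_store.get(pcr)
    if owner is not None and owner != local_user_id:
        raise ValueError("PCR already linked to another user")
    user_store[pcr] = local_user_id
    return local_user_id

def make_test_jwt(claims, key, alg="HS256"):
    """Constructed token for offline testing only; real tokens are minted by tuidd."""
    h_b64 = _b64url(json.dumps({"alg": alg, "typ": "JWT"}).encode())
    p_b64 = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{h_b64}.{p_b64}".encode(), hashlib.sha256).digest()
    return f"{h_b64}.{p_b64}.{_b64url(sig)}"
```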