MojeID now speaks more languages: it has learned the SAML and OpenID Connect protocols

Since its establishment in 2010, the mojeID service has been closely connected with the OpenID 2.0 authentication protocol. This protocol was the best choice for us at the time, as it combined simplicity of implementation with the availability of libraries for various programming languages. However, OpenID 2.0 is not the only authentication protocol. I wrote in our blog (only in Czech) about several others, like the SAML protocol or OpenID Connect. Analysts forecast a promising future especially for the latter, OpenID Connect, whose standardization was finished at the beginning of last year. The good news is that mojeID is no longer “monolingual”: it is now able to communicate with service providers via the protocols mentioned.

First, I will mention the SAML 2.0 protocol, which has been present in mojeID for a few months. This protocol will probably never be very widespread among new service providers, but it allows you to connect existing systems that are historically based on it. For us, the primary motivation was cooperation in the European projects STORK and eIDAS, where the emerging software uses only the SAML protocol. The secondary motivation was working with the CESNET organization, which operates the Czech academic identity federation eduID. Closer involvement in eduID would, for example, simplify the implementation of mojeID in libraries and bring the service closer to the academic environment. Currently, communication with mojeID via the SAML protocol requires manual registration of a service provider, so if you are interested in such an interconnection, please contact us at podpora@mojeid.cz and we will go through the registration process together.

A few weeks ago, we also integrated the OpenID Connect protocol into mojeID. This young protocol is built on a series of standards from the IETF, particularly the OAuth 2.0 protocol. I already mentioned most of its properties in an earlier article, so I am not going to repeat myself. The main changes include a much simpler implementation on the part of service providers and support for mobile platforms and JavaScript applications. We decided to demonstrate this simplicity by creating a simple library that lets you pre-fill your web form with data from mojeID by adding just three lines to it. More information can be found on the library page (only in Czech). Other libraries for various languages are available from the OpenID Foundation website. Importantly, one of the first companies to fully switch to the new protocol was Google, so if you have an option to log in through Google, you are probably already using OpenID Connect. Then you just have to change the configuration to make it use mojeID data instead of the corresponding Google data in order to take full advantage of our service.

Google’s reaction to the new protocol was fairly rapid and tough at the same time. Since mid-April of this year, Google has stopped supporting all older versions of OAuth and OpenID in favor of the new protocol. We, on the other hand, have set no strict migration terms for our providers just yet. First, let’s see how the new protocol takes hold. So if this is the moment you were waiting for to implement mojeID on your website, you do not have to wait any longer: go for it :).
