### Install OpenID Connect PHP Library
Source: https://docs.idura.app/verify/integrations/PHP
Instructions for installing the required OpenID Connect client library using Composer and including the autoloader in your PHP project.
```bash
composer require jumbojett/openid-connect-php
```
```php
require __DIR__ . '/vendor/autoload.php';
```
--------------------------------
### Install Idura Verify React SDK
Source: https://docs.idura.app/verify/integrations/react
Installs the necessary npm package to enable Idura Verify authentication features in a React project.
```bash
npm install @criipto/verify-react
```
--------------------------------
### Initiate Implicit Flow Authentication Request
Source: https://docs.idura.app/verify/getting-started/oidc-intro
This example shows a GET request to initiate the Implicit Flow for authentication. It requests an `id_token` directly, with the response mode set to 'fragment'. This flow is supported but not recommended due to security considerations.
```HTTP
GET https://YOUR_SUBDOMAIN.idura.broker/oauth2/authorize?
response_type=id_token&
response_mode=fragment&
client_id=CLIENT_ID&
redirect_uri=YOUR_RETURN_URL&
acr_values=CHOSEN_IDENTITY_SERVICE&
scope=openid&
state=YOUR_STATE
```
--------------------------------
### Initiate PKCE Authentication Request
Source: https://docs.idura.app/verify/getting-started/oidc-intro
This snippet illustrates an example GET request to initiate the OAuth2 authorization flow with PKCE. It includes parameters like client ID, redirect URI, scope, and PKCE-specific parameters such as code challenge and method. This request is made from the client to the authorization server.
```HTTP
GET https://YOUR_SUBDOMAIN.idura.broker/oauth2/authorize?
response_type=code&
response_mode=query&
client_id=CLIENT_ID&
redirect_uri=YOUR_RETURN_URL&
acr_values=CHOSEN_IDENTITY_SERVICE&
scope=openid&
state=YOUR_STATE&
code_challenge=YOUR_CODE_CHALLENGE&
code_challenge_method=S256
```
--------------------------------
### Install Idura Signatures SDK for .NET
Source: https://docs.idura.app/signatures/integrations/csharp
Install the Idura Signatures SDK using either the Package Manager Console or the dotnet CLI. This SDK is compatible with netstandard2.0 and later versions of .NET.
```powershell
Install-Package Criipto.Signatures
```
```bash
dotnet add package Criipto.Signatures
```
--------------------------------
### Install Idura Auth SDK
Source: https://docs.idura.app/verify/integrations/javascript
Methods to include the Idura Auth library in your project. You can either load the script directly via unpkg or install the package using npm.
```html
```
```bash
npm install --save @criipto/auth-js
```
--------------------------------
### Configure Callback URL
Source: https://docs.idura.app/verify/integrations/vuejs
Example of a local development callback URL used for redirecting users after successful authentication.
```text
http://localhost:5173
```
--------------------------------
### Install Idura Verify SDK
Source: https://docs.idura.app/verify/integrations/nodejs-express
Command to install the required Idura Verify Express package via npm.
```bash
npm install @criipto/verify-express
```
--------------------------------
### Install ASP.NET Core Authentication Dependencies
Source: https://docs.idura.app/verify/integrations/aspnet-core-v3
Commands to install the necessary NuGet packages for Cookie and OpenID Connect authentication in an ASP.NET Core project. These packages are required to handle user authentication sessions and OIDC communication.
```bash
dotnet add package Microsoft.AspNetCore.Authentication.Cookies
dotnet add package Microsoft.AspNetCore.Authentication.OpenIdConnect
```
--------------------------------
### Install OIDC Dependency
Source: https://docs.idura.app/verify/integrations/aspnet-core-v6
Command to install the required Microsoft OpenID Connect authentication handler package for ASP.NET Core.
```bash
dotnet add package Microsoft.AspNetCore.Authentication.OpenIdConnect
```
--------------------------------
### Query Example
Source: https://docs.idura.app/signatures/webhooks/events
An example demonstrating how to query or structure a request related to webhook events.
```APIDOC
## Query Example
This section provides an example of a query that might be used in conjunction with webhook events or related API calls.
### Method
GET
### Endpoint
`/example/query`
### Query Parameters
* **eventType** (string) - Optional - The type of webhook event to filter by.
* **orderId** (string) - Optional - The ID of the signature order to filter by.
### Request Example
```
GET /example/query?eventType=SIGNATORY_SIGNED&orderId=abc-123
```
### Response
#### Success Response (200)
* **data** (array) - A list of relevant records matching the query.
* **count** (integer) - The total number of records found.
```
--------------------------------
### Install Idura Verify SDK
Source: https://docs.idura.app/verify/integrations/vuejs
Installs the required @criipto/auth-js package to enable OpenID Connect authentication flows in your JavaScript or Vue.js project.
```bash
npm install --save @criipto/auth-js
```
--------------------------------
### GET /authorize
Source: https://docs.idura.app/verify/guides/authorize-url-builder?acr_values=urn%3Agrn%3Aauthn%3Ase%3Abankid%3Aanother-device%3Aqr&action=approve&message=Transfer+EUR+100+to+IBAN+DK123456781234
Initiates the OpenID Connect authentication flow by redirecting the user to the Idura Verify authorization server.
```APIDOC
## GET /authorize
### Description
Initiates the authentication process. This endpoint redirects the user to the Idura Verify login page to authenticate via their chosen eID.
### Method
GET
### Endpoint
https://{domain}/oauth2/authorize
### Parameters
#### Query Parameters
- **client_id** (string) - Required - The unique identifier for your application.
- **redirect_uri** (string) - Required - The URL where the user is redirected after authentication.
- **response_type** (string) - Required - Must be 'code' (recommended) or 'id_token'.
- **scope** (string) - Required - OIDC scopes (e.g., 'openid').
- **nonce** (string) - Required - A cryptographically strong value to prevent replay attacks.
- **state** (string) - Optional - An opaque value used to maintain state between the request and callback.
- **login_hint** (string) - Optional - Used for prefilling values or triggering specific eID features.
### Request Example
GET /oauth2/authorize?client_id=my-client-id&redirect_uri=https://myapp.com/callback&response_type=code&scope=openid&nonce=random_string
### Response
#### Success Response (302)
- **Location** (header) - Redirects the user to the Idura Verify login page.
#### Response Example
HTTP/1.1 302 Found
Location: https://{domain}/login?...
```
--------------------------------
### Authorization Code Flow Example Response
Source: https://docs.idura.app/verify/getting-started/oidc-intro
An example HTTP 302 Found response for the Authorization Code Flow. This response redirects the user's browser to the specified redirect_uri with the authorization code and state as query parameters, indicating a successful authentication initiation.
```http
HTTP/1.1 302 Found
Location: YOUR_RETURN_URL?code=AUTHORIZATION_CODE&state=YOUR_STATE
```
--------------------------------
### GET /authorize
Source: https://docs.idura.app/verify/guides/authorize-url-builder?acr_values=urn%3Agrn%3Aauthn%3Ase%3Abankid&nonVisibleData=Not+visible+to+end+user
Initiates the OpenID Connect authentication flow by redirecting the user to the Idura Verify authorization endpoint.
```APIDOC
## GET /authorize
### Description
Initiates the OAuth 2.0 / OpenID Connect authorization flow. This endpoint redirects the user to the Idura Verify login page for the specified eID.
### Method
GET
### Endpoint
https://{domain}/oauth2/authorize
### Parameters
#### Query Parameters
- **client_id** (string) - Required - The unique identifier for your application (realm).
- **redirect_uri** (string) - Required - The URL where the user will be redirected after authentication.
- **response_type** (string) - Required - The type of response (e.g., 'code' for authorization code flow).
- **response_mode** (string) - Optional - How the result is returned (e.g., 'query' or 'fragment').
- **nonce** (string) - Required - A cryptographically strong string to prevent replay attacks.
- **state** (string) - Optional - An opaque value used to maintain state between the request and callback.
- **login_hint** (string) - Optional - Used for prefilling values or triggering specific eID features.
### Request Example
GET /oauth2/authorize?client_id=my-client-id&redirect_uri=https://myapp.com/callback&response_type=code&nonce=random_string
### Response
#### Success Response (302)
- **Location** (string) - Redirects the user to the Idura Verify login interface.
#### Response Example
HTTP/1.1 302 Found
Location: https://{domain}/login?...
```
--------------------------------
### GET /oauth2/authorize
Source: https://docs.idura.app/verify/guides/authorize-url-builder?acr_values=urn%3Agrn%3Aauthn%3Ase%3Abankid&action=sign&message=Vendor%3A%0A%0A%23%23+Cool+Delivery%0A%0AAmount%3A%0A%0A%23%23+300+EUR%0A%0A---%0A%0AI+approve+this+transaction.
Initiates the authentication flow with specific eID providers and optional transaction parameters.
```APIDOC
## GET /oauth2/authorize
### Description
Initiates an OIDC authorization request. Supports selecting specific eID providers via `acr_values` and passing transaction-specific data via `login_hint` or path segments.
### Method
GET
### Endpoint
/oauth2/authorize
### Parameters
#### Query Parameters
- **scope** (string) - Required - Must include 'openid'
- **client_id** (string) - Required - Your Idura client identifier
- **redirect_uri** (string) - Required - The URI to redirect to after authentication
- **response_type** (string) - Required - e.g., 'id_token'
- **acr_values** (string) - Optional - The URN of the specific eID provider (e.g., urn:grn:authn:se:bankid)
- **login_hint** (string) - Optional - Used to pass actions or messages (base64 encoded) for specific integrations
### Request Example
https://criipto-verify-prod.criipto.id/oauth2/authorize?scope=openid&client_id=urn:criipto:dev&redirect_uri=https://jwt.io&response_type=id_token&acr_values=urn:grn:authn:se:bankid&login_hint=action:sign%20message:VmVuZG9yOgoKIyMgQ29vbCBEZWxpdmVyeQoKQW1vdW50OgoKIyMgMzAwIEVVUgoKLS0tCgpJIGFwcHJvdmUgdGhpcyB0cmFuc2FjdGlvbi4=
### Response
#### Success Response (302)
- **Redirect** - Redirects the user to the selected eID provider's login page.
```
--------------------------------
### Example JWKS Configuration
Source: https://docs.idura.app/verify/e-ids/finnish-trust-network
A sample JSON Web Key Set (JWKS) format containing both an encryption key (use: enc) and a signing key (use: sig) for OIDC integration.
```json
{
"keys": [
{
"kty": "RSA",
"use": "enc",
"kid": "E1F0D80A379B4F9C8EE7043875345265",
"e": "AQAB",
"n": "zwEbepsvbT4TpZNecCtmJnMhALAH0sqlpllZdkI6AsRGou_cxakr8b8HKjjYWiyb-RJzbScGxBLPVK4k9RcEOL3PxoGoSIABEE1-NinDoiTYaSRIYwd7N914vWSGgfs7ctMy7vYRXmTBoc_NuLQkl79Fu2tFjXbLyAgGfnePkZUrFJqCXwCB553QYXJ0Lw4B8P8MFjy80YShI1wBQmCfj5BpZbACN5u5-84233KTHqYIkGOTrF4FZwVRvAkNutjiwMIzwKYGRj2qjdmelmqDlgiPre5UP8Cfnl7Urm411JhueWo7mrvJAcwHMpcyE4Rsuyhm93bv0hBDe5ddt-r4cw"
},
{
"kty": "RSA",
"use": "sig",
"kid": "08E538B6D3B346A8B61322A4FAFB35CC",
"e": "AQAB",
"n": "0TGwj4SywrEU3IYBBm-HlxyI7zKQkjM6Y4PEZNNBmoIFk4kU8J5xVNkbkqnv_SwKrKJD3JbYK18zLvyu05xVDxXEZR8FkipGaXisGOuXuo_A8Gswe_-LLYfN3N-bpcID9E8FnSq6todIO8umD50W9VdGSoO_WxBiffnpnpXDihTuGSLLSdhWz6vz7-VY_Uphv6V87FfqU0OaMGLi7InsZlMSlquvb8LthOm22YvuiRkgkX1cMjW-uaWva7AMQJ6eKbOKRADnMGNjwlUOJkPsqUbCUGuMvNFwqh9JQCBHEvnwGz8Lmt8hNaK0uQ0nT3l2PFZ5_LsH9JrpxqCmD2LHeQ"
}
]
}
```
--------------------------------
### Authorization Code Flow Example Request
Source: https://docs.idura.app/verify/getting-started/oidc-intro
An example GET request for the Authorization Code Flow in Idura. This request is used to obtain an authorization code, which is then exchanged for an access token. It includes parameters such as response_type, response_mode, client_id, redirect_uri, acr_values, scope, and state.
```http
GET https://YOUR_SUBDOMAIN.idura.broker/oauth2/authorize?
response_type=code&
response_mode=query&
client_id=CLIENT_ID&
redirect_uri=YOUR_RETURN_URL&
acr_values=CHOSEN_IDENTITY_SERVICE&
scope=openid&
state=YOUR_STATE
```
--------------------------------
### Install Idura Signatures SDK for Node.js
Source: https://docs.idura.app/signatures/integrations/nodejs
Install the Idura Signatures SDK using npm or yarn. This SDK is required to interact with the Idura Signatures API in your Node.js application. It supports Node.js version 16 and later.
```bash
npm install --save @criipto/signatures
yarn add @criipto/signatures
```
--------------------------------
### Modify Startup.cs for .NET Core 3.1
Source: https://docs.idura.app/verify/integrations/aspnet-core-v3
Updates the Startup.cs file to align with .NET Core 3.1 conventions. This includes removing `SetCompatibilityVersion`, updating environment types, adding routing and authorization middleware, and replacing `UseMvc` with `UseEndpoints`.
```csharp
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
public class Startup
{
public void ConfigureServices(IServiceCollection services)
{
services.AddMvc();
}
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(routes =>
{
routes.MapControllerRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
}
```
--------------------------------
### GET /auth/userinfo (JWT Example)
Source: https://docs.idura.app/verify/e-ids/vipps-mobilepay
Represents the structure of the JWT/Token returned after a successful authentication via Idura Verify, containing user identity claims.
```APIDOC
## GET /auth/userinfo
### Description
Returns the identity claims for an authenticated user. This endpoint provides the standard OpenID Connect claims along with specific eID metadata.
### Method
GET
### Endpoint
/auth/userinfo
### Response
#### Success Response (200)
- **identityscheme** (string) - The eID used to authenticate.
- **sub** (string) - Persistent pseudonym uniquely identifying the user.
- **address** (object) - Standard OIDC address claim.
- **birthdate** (string) - User birthdate in YYYY-MM-DD format.
- **emailaddress** (string) - User email address.
- **mobilephone** (string) - User phone number.
- **socialno** (string) - Social security number.
- **given_name** (string) - User first name.
- **family_name** (string) - User last name.
#### Response Example
{
"identityscheme": "novippslogin",
"sub": "{75dca599-1ad7-4a09-81c0-92d424b82fbc}",
"emailaddress": "mikkel@idura.com",
"given_name": "Mikkel",
"family_name": "Larsen"
}
```
--------------------------------
### Ordering Norwegian BankID Client Credentials
Source: https://docs.idura.app/verify/e-ids/norwegian-bankid
To enable real user transactions with Norwegian BankID, you must obtain client credentials (client ID and client secret) from Bidbax. Prerequisites include being a customer of a Norwegian Bank, possessing a valid personal eID, and completing the 'Get ready for production' guide.
```APIDOC
## Ordering Process for Norwegian BankID
### Description
This section outlines the process and prerequisites for ordering Norwegian BankID client credentials (client ID and client secret) from Bidbax, which is necessary to accept real users.
### Prerequisites
- Your company must be a customer of a Norwegian Bank.
- The individual signing the contract must possess one of the following personal eIDs: Norwegian BankID, Swedish BankID, or Danish MitID.
- You must have completed step 4 of the 'Get ready for production' guide, including providing the production domain.
**Note:** The BankID OIDC Biometrics option is always included in the basis agreement.
```
--------------------------------
### Enable OpenID Connect Middleware in Startup.cs
Source: https://docs.idura.app/verify/integrations/aspnet-core-v3
Configures the ASP.NET Core application to use OpenID Connect authentication. This involves calling UseAuthentication and UseAuthorization in the Configure method, ensuring they are placed after UseRouting.
```csharp
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseCookiePolicy();
app.UseRouting();
app.UseAuthentication();
app.UseAuthorization();
app.UseEndpoints(routes =>
{
routes.MapControllerRoute("default", "{controller=Home}/{action=Index}/{id?}");
});
}
```
--------------------------------
### Initialize Idura Auth SDK
Source: https://docs.idura.app/verify/integrations/javascript
Initialize the CriiptoAuth client with your domain and client ID. This setup supports both global variable access from CDN and module imports from npm.
```javascript
// Global usage
var criiptoAuth = new CriiptoAuth({
domain: '{{YOUR_IDURA_DOMAIN}}',
clientID: '{{YOUR_CLIENT_ID}}',
store: sessionStorage,
});
```
```javascript
// Module import
import CriiptoAuth from '@criipto/auth-js';
var criiptoAuth = new CriiptoAuth({
domain: '{{YOUR_IDURA_DOMAIN}}',
clientID: '{{YOUR_CLIENT_ID}}',
store: sessionStorage,
});
```
--------------------------------
### Handle Callback and Decrypt JWE
Source: https://docs.idura.app/verify/e-ids/finnish-trust-network
Initializes the OIDC configuration and prepares the callback route to handle the code exchange. This snippet demonstrates the setup required to eventually decrypt the JWE using the private key.
```javascript
import * as jose from 'jose';
import { OpenIDConfigurationManager, codeExchange } from '@criipto/oidc';
const jwks = jose.createRemoteJWKSet(new URL(`https://${IDURA_DOMAIN}/.well-known/jwks`));
const configurationManager = new OpenIDConfigurationManager(
`https://${IDURA_DOMAIN}/.well-known/openid-configuration`,
);
app.get('/callback', async (req, res) => {
const { code } = req.query;
try {
const configuration = await configurationManager.fetch();
const clientAssertion = 'YOUR_CLIENT_ASSERTION_JWT';
// 1. Perform the code exchange at Idura's token endpoint.
// This step retrieves the ID Token, which for FTN will be encrypted (JWE).
}
```
--------------------------------
### Configure OIDC Middleware in ASP.NET Core
Source: https://docs.idura.app/verify/integrations/aspnet-core-v6
Configuration files for setting up Idura Verify credentials and OIDC middleware. Includes appsettings.json for configuration values and Program.cs for service registration.
```json
{
"Idura": {
"Domain": "{{YOUR_IDURA_DOMAIN}}",
"ClientId": "{{YOUR_CLIENT_ID}}",
"ClientSecret": "YOUR_CLIENT_SECRET"
}
}
```
```csharp
builder.Services.Configure(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
builder.Services.AddAuthentication(options => {
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options => {
options.ClientId = builder.Configuration["Idura:ClientId"];
options.ClientSecret = builder.Configuration["Idura:ClientSecret"];
options.Authority = $"https://{builder.Configuration["Idura:Domain"]}/";
options.ResponseType = "code";
options.CallbackPath = new PathString("/callback");
options.SignedOutCallbackPath = new PathString("/signout");
});
```
--------------------------------
### Install Idura Signatures Python SDK
Source: https://docs.idura.app/signatures/integrations/python
Installs the Idura Signatures SDK for Python 3.13 and later using pip. It also adds the package to a virtual environment if one is active.
```bash
python3 -m pip install criipto-signatures
uv add criipto-signatures
```
--------------------------------
### Requesting Business Logins via OIDC
Source: https://docs.idura.app/verify/e-ids/danish-mitid-erhverv
Demonstrates how to trigger a business-context login flow using acr_values or login_hint parameters in the authorize request.
```text
acr_values: urn:grn:authn:dk:mitid:business
login_hint=business
login_hint=business_optional
```
--------------------------------
### POST /oauth2/authorize Example
Source: https://docs.idura.app/verify/guides/authorize-url-builder?acr_values=urn%3Agrn%3Aauthn%3Ase%3Afrejaid&frejaAction=sign_advanced&message=Test+advanced+signature+flow&title=Advanced+signature
An example of how to construct the authorization URL for initiating an authentication flow, including scopes, client ID, redirect URI, response type, response mode, nonce, acr_values, and login_hint with signature flow parameters.
```APIDOC
## POST /oauth2/authorize Example
### Description
This example demonstrates how to construct the authorization URL to initiate an authentication flow with specific parameters, including signature flow details.
### Endpoint
`https://criipto-verify-prod.criipto.id/oauth2/authorize`
### Query Parameters
- **`scope`** (string) - `openid`
- **`client_id`** (string) - `urn:criipto:dev`
- **`redirect_uri`** (string) - `https://jwt.io`
- **`response_type`** (string) - `id_token`
- **`response_mode`** (string) - `fragment`
- **`nonce`** (string) - `ecnon-fb8b8b2e-2eb2-4a7e-ba2c-eba832ed395d`
- **`acr_values`** (string) - `urn:grn:authn:se:frejaid`
- **`login_hint`** (string) - `action:sign_advanced title:QWR2YW5jZWQgc2lnbmF0dXJl message:VGVzdCBhZHZhbmNlZCBzaWduYXR1cmUgZmxvdw==`
### Request Example
```
https://criipto-verify-prod.criipto.id/oauth2/authorize?scope=openid&client_id=urn:criipto:dev&redirect_uri=https://jwt.io&response_type=id_token&response_mode=fragment&nonce=ecnon-fb8b8b2e-2eb2-4a7e-ba2c-eba832ed395d&acr_values=urn:grn:authn:se:frejaid&login_hint=action:sign_advanced title:QWR2YW5jZWQgc2lnbmF0dXJl message:VGVzdCBhZHZhbmNlZCBzaWduYXR1cmUgZmxvdw==
```
```
--------------------------------
### Configure OpenID Connect Middleware in ASP.NET Core
Source: https://docs.idura.app/verify/integrations/aspnet-core-v3
Configures authentication services in the Startup class, including cookie policy and OpenID Connect settings. It demonstrates how to dynamically set ACR values via query parameters to control the authentication flow.
```csharp
public void ConfigureServices(IServiceCollection services)
{
services.Configure(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddAuthentication(options => {
options.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
options.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
})
.AddCookie()
.AddOpenIdConnect(options => {
options.ClientId = Configuration["Idura:ClientId"];
options.ClientSecret = Configuration["Idura:ClientSecret"];
options.Authority = $"https://{Configuration["Idura:Domain"]}/";
options.ResponseType = "code";
options.CallbackPath = new PathString("/callback");
options.SignedOutCallbackPath = new PathString("/signout");
options.Events = new OpenIdConnectEvents() {
OnRedirectToIdentityProvider = context => {
context.ProtocolMessage.AcrValues = context.Request.Query["loginmethod"];
return Task.FromResult(0);
}
};
});
services.AddMvc();
}
```
--------------------------------
### Initialize Idura SDK with Custom Callback URL (Kotlin)
Source: https://docs.idura.app/verify/integrations/kotlin
Demonstrates how to initialize the Idura SDK in Kotlin, specifying a custom redirect URI. This involves passing the custom URI string during the IduraVerify function call.
```kotlin
IduraVerify(
BuildConfig.IDURA_CLIENT_ID,
BuildConfig.IDURA_DOMAIN,
activity = activity,
redirectUri = "https://${BuildConfig.IDURA_DOMAIN}/my/custom/callback".toUri(),
)
```
--------------------------------
### GET /oauth2/authorize
Source: https://docs.idura.app/verify/getting-started/oidc-intro
Initiates the authentication flow by redirecting the user to the Idura identity service.
```APIDOC
## GET /oauth2/authorize
### Description
Initiates the OAuth2 authorization flow. Users are redirected to the identity service to authenticate.
### Method
GET
### Endpoint
https://{YOUR_SUBDOMAIN}.idura.broker/oauth2/authorize
### Parameters
#### Query Parameters
- **response_type** (string) - Required - "code" or "id_token"
- **client_id** (string) - Required - Your application client ID
- **redirect_uri** (string) - Required - The URL to redirect to after authentication
- **scope** (string) - Required - Usually "openid"
- **state** (string) - Required - CSRF protection string
- **code_challenge** (string) - Optional - Required for PKCE
- **code_challenge_method** (string) - Optional - Required for PKCE (e.g., "S256")
### Response
#### Success Response (302)
- **Location** (string) - Redirects to the provided redirect_uri with code or token in the query/fragment.
```