A core design feature of ZenKey is that a subscriber’s carrier will always be the sole party to authenticate and capture user consent. This means a core component to a Service Provider integrating with ZenKey is the routing of the requests to the correct carrier. ZenKey has implemented two different, but complimentary methods to enable a Service Provider to integrate and determine this discovery.
The first method is based on OpenID MODRNA discovery flows. This method has two services from ZenKey:
- An API layer that, when given the correct discovery variables, will return the configuration for the correct carrier.
- An endpoint that is a visual experience for the user. This allows a user with the ZenKey application to setup a binding to a secondary device.
Use MODRNA-Based Discovery if...
You want to use an OIDC compliant implementation. Find more information on the MODRNA-based discovery flow here.
The second method leverages a more common OpenID auth request process. In this case the Service Provider will redirect the user to ZenKey, who will then redirect the user to the correct carrier after discovery is complete. Under this model the Service Provider will still need to contact the ZenKey discovery issuer after the auth code is received so that the Service Provider can route their token and UserInfo API calls to the correct carrier endpoints.
Use Optimized Discovery if...
you are looking to reuse existing OpenID connect logic and code. Find more information on the optimized discovery flow here.
Updated 6 months ago