One of ZenKey's core design features makes a subscriber’s carrier the sole party able to authenticate and capture user consent. This means a central component for merchants integrating with ZenKey is the routing of requests to the correct carrier. ZenKey implemented two different, but complementary methods to enable a merchant to integrate and determine this discovery.
The first method is based on OpenID MODRNA discovery flows. This method has two services from ZenKey:
- An API layer that, when given the correct discovery variables, returns the configuration for the correct carrier.
- An endpoint that is a visual experience for the user. This allows users with the ZenKey application to set up a binding to a secondary device.
Use MODRNA-Based Discovery if...
You want to use an OIDC compliant implementation. Find more information on the MODRNA-based discovery flow here.
The second method leverages a more common OpenID auth request process. In this case, merchants redirect the user to ZenKey who redirects them to the correct carrier after discovery is complete. Using this process, merchants must contact the ZenKey discovery issuer after the auth code is received so that merchants can route their token and UserInfo API calls to the correct carrier endpoints.
Use Optimized Discovery if...
you are looking to reuse existing OpenID connect logic and code. Find more information on the optimized discovery flow here.
Updated 12 months ago