Users & identity · OIDC clients
OIDC client registry
checking auth…
Register third-party relying parties (RPs) that authenticate users against this tenant’s built-in OIDC provider — e.g. Nextcloud, Grafana, Outline, your own SaaS app. The RP reads metadata from the discovery URL below, then redirects users to
/oauth2/v1/authorize with its client_id. Saved entries are picked up by the IdP on the next request without a restart (file is mtime-watched). Built-in codeb-admin client is reserved — the bundled admin UI uses it and cannot be edited.
Discovery URL
—
Loading…
EU Wallet presentation request builder
Pick what your relying party needs and copy the ready-to-use OpenID4VP request objects — both DCQL (OID4VP 1.0 mandatory) and Presentation Exchange 2.0 (legacy fallback) — below. No JSON by hand. Uses the tenant’s existing verifier keys and x509_hash client_id.
Asks the wallet for age_over_<N> selective disclosure. Nothing else is requested.
DCQL (OID4VP 1.0)
{}
Presentation Exchange 2.0 (fallback)
{}
Post these to /oidc.ashx?action=vp-start as the dcql (preferred) or presentation_definition body field. The verifier locks the client_id prefix per session and mints an ES256-signed JAR pointing wallets at /oidc.ashx?action=vp-request. Response encryption is ECDH-ES + A128GCM. See HAIP implementation notes.