Sovos Docs

Authentication request examples

Learn how to construct authentication requests for each verification workflow in Sovos Account.

Discovery endpoint

To view available scopes and configuration, query the discovery endpoint:

 
https://accounts.trust.sovos.com/.well-known/openid-configuration 

The endpoint returns OpenID Connect configuration, including available scopes, authentication methods, and endpoint URLs.

Request parameters

All authentication requests use these parameters:

| Parameter | Description | Example |
| --- | --- | --- |
| acr_values | Authentication workflow to use. Must be URL-encoded. | urn:acr:moc-fpt |
| audience | Specifies the intended resource server (API) for the access token. The generated token will only be valid for this audience, preventing token misuse across different services. | https://api.yourapp.com |
| code_challenge | PKCE code challenge value you generate from the code verifier. | UzYUKJR0gIluJLktAGz... |
| code_challenge_method | Hashing method for PKCE. S256 indicates SHA-256. | S256 |
| display | How to display the authentication UI. | page |
| nonce | Random value to prevent replay attacks. Must be unique for each request. | unique-nonce-value |
| prompt | Controls when Sovos prompts for authentication and consent. | login+consent |
| redirect_uri | Where to redirect people after authentication. Must be URL-encoded and registered with your client. | http://127.0.0.1:8081/callback |
| response_mode | How the authorization response is returned. | query |
| response_type | Type of response requested. Use code for authorization code flow. | code |
| scope | Scopes you request, separated by spaces or plus signs. | openid+offline_access |
| state | Random value to prevent CSRF attacks. Must be unique and validated after redirect. | pl8bgv6ytnel859554ebsmjw |
| ui_locales | Preferred language for the authentication interface. | es_CL |

Important: Generate unique values for code_challenge, nonce, and state for each authentication request. Use your registered redirect_uri.
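
Generating the per-request values described above and checking state on the redirect, as an added Python example (not Sovos code). The function names are hypothetical, the endpoint and parameter values are taken from the curl examples on this page, and the `code`, `state` and `error` callback parameters are the standard OAuth 2.0 ones.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit

# Authorization endpoint as used in this page's curl examples.
AUTH_ENDPOINT = "https://accounts-dev.trust.sovos.com/oauth2/auth"

def pkce_challenge(code_verifier: str) -> str:
    """S256 (RFC 7636): BASE64URL(SHA-256(code_verifier)), '=' padding removed."""
    digest = hashlib.sha256(code_verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def new_auth_request(client_id, redirect_uri, acr_values, scope="openid"):
    """Return (url, pending); keep `pending` server-side, tied to the user session."""
    pending = {
        "code_verifier": secrets.token_urlsafe(32),  # 43 chars; never sent in this request
        "state": secrets.token_urlsafe(24),          # compared on the redirect (CSRF)
        "nonce": secrets.token_urlsafe(24),          # compared with the ID token's nonce claim
    }
    params = {
        "acr_values": acr_values,
        "client_id": client_id,
        "code_challenge": pkce_challenge(pending["code_verifier"]),
        "code_challenge_method": "S256",
        "display": "page",
        "nonce": pending["nonce"],
        "prompt": "login consent",  # urlencode() emits the space as '+', as in the curl examples
        "redirect_uri": redirect_uri,
        "response_mode": "query",
        "response_type": "code",
        "scope": scope,
        "state": pending["state"],
    }
    return AUTH_ENDPOINT + "?" + urlencode(params), pending

def code_from_callback(callback_url, pending):
    """Return the authorization code only when the returned state matches ours."""
    query = parse_qs(urlsplit(callback_url).query)
    returned = query.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), pending["state"].encode()):
        raise ValueError("state mismatch: discard the response")
    if "code" not in query:
        raise ValueError("no authorization code: " + query.get("error", ["unknown"])[0])
    return query["code"][0]
```

Call `new_auth_request("your-client-id", "http://127.0.0.1:8081/callback", "urn:acr:fpt")` once per login attempt and discard `pending` after a single use.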

Fingerprint validation (urn:acr:fpt)

Use this workflow to verify identity against centralized database records. Fingerprint validation compares captured fingerprints with stored biometric data in the database.

This example shows an authentication request for fingerprint validation:


curl -XGET -G 'https://accounts-dev.trust.sovos.com/oauth2/auth' \
  -d acr_values=urn%3Aacr%3Afpt \
  -d client_id=your-client-id \
  -d code_challenge=UzYUKJR0gIluJLktAGz_jp0GXliMmSpk7cKP5cv8VJo \
  -d code_challenge_method=S256 \
  -d display=page \
  -d nonce=a1b2c3d4e5f6g7h8i9j0k1l2 \
  -d prompt=login+consent \
  -d redirect_uri=http%3A%2F%2F127.0.0.1%3A8081%2Fcallback \
  -d response_mode=query \
  -d response_type=code \
  -d scope=openid+profile \
  -d state=m2n3o4p5q6r7s8t9u0v1w2x3 \
  -d ui_locales=es_CL
    

Match-on-Card and fingerprint (urn:acr:moc-fpt)

Use this workflow for enhanced security through dual verification. It combines Match-on-Card technology with fingerprint database validation, verifying both the smart card chip data and the captured fingerprint against centralized records.

This example shows an authentication request for Match-on-Card and fingerprint verification:


curl -XGET -G 'https://accounts-dev.trust.sovos.com/oauth2/auth' \
  -d acr_values=urn%3Aacr%3Amoc-fpt \
  -d client_id=your-client-id \
  -d code_challenge=UzYUKJR0gIluJLktAGz_jp0GXliMmSpk7cKP5cv8VJo \
  -d code_challenge_method=S256 \
  -d display=page \
  -d nonce=o9s6dw50r98xj813cgtbifjg \
  -d prompt=login+consent \
  -d redirect_uri=http%3A%2F%2F127.0.0.1%3A8081%2Fcallback \
  -d response_mode=query \
  -d response_type=code \
  -d scope=openid+offline_access \
  -d state=pl8bgv6ytnel859554ebsmjw \
  -d ui_locales=es_CL
    

Online ID (urn:acr:online-id)

Use this workflow to verify identity through facial recognition and document validation. This method captures the person's face and compares it against the photo on their identity document.

This example shows an authentication request for Online ID verification:

curl -XGET -G 'https://accounts-dev.trust.sovos.com/oauth2/auth' \
  -d acr_values=urn%3Aacr%3Aonline-id \
  -d client_id=your-client-id \
  -d code_challenge=UzYUKJR0gIluJLktAGz_jp0GXliMmSpk7cKP5cv8VJo \
  -d code_challenge_method=S256 \
  -d display=page \
  -d nonce=x3y4z5a6b7c8d9e0f1g2h3i4 \
  -d prompt=login+consent \
  -d redirect_uri=http%3A%2F%2F127.0.0.1%3A8081%2Fcallback \
  -d response_mode=query \
  -d response_type=code \
  -d scope=openid+profile+email \
  -d state=j5k6l7m8n9o0p1q2r3s4t5u6 \
  -d ui_locales=es_CL