Sovos Docs

How authentication works

Learn how Sovos Account authenticates people and verifies identity using OpenID Connect.

Understanding how Sovos Account authenticates people helps you plan your integration. The process follows the OpenID Connect authorization code flow and involves four distinct phases. Each phase has a specific purpose in verifying identity and protecting data.

Authorization request

Your application redirects to Sovos Account's authorization endpoint with a request that includes your client ID, required scopes, the verification method to use, your redirect URI, and security parameters. This phase establishes what information you're requesting and which verification method the user will complete.

Biometric verification

Sovos Account displays the verification interface and captures biometric data according to the workflow you specified in the authorization request. Sovos Trust Connect communicates with connected hardware devices to capture fingerprints, read smart cards, or record facial images. Sovos Account performs all verification within its secure environment.

Authorization callback

After successful verification, Sovos Account redirects back to your application's redirect URI. The redirect includes a temporary, single-use authorization code in the URL query parameters.

Token exchange

Your application sends the authorization code and client credentials to Sovos Account's token endpoint. Sovos Account validates the code and returns tokens that give you access to verified identity information.

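The ID token contains claims based on your requested scopes, such as name, email, or credential details. You decode this token to read the claims and confirm identity; as with any OpenID Connect ID token, verify its signature, issuer, audience, and expiry before trusting those claims. The access token authorizes your API requests to Sovos services.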

If you requested offline access, you also receive a refresh token that lets you get new access tokens when they expire without requiring verification again.
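The authorization request, callback, and token exchange phases seen from the application's side, as an added example that is not Sovos code. It assumes the "security parameters" are the standard OpenID Connect `state`, `nonce`, and PKCE values; the endpoint, client ID, and redirect URI are placeholders, and the verification-method parameter is left out because this page does not name it.

```python
import base64, hashlib, hmac, secrets
from urllib.parse import urlencode, parse_qs, urlsplit

# Placeholder values (assumptions): take the real ones from your provider configuration.
AUTHORIZE_URL = "https://idp.example/authorize"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "https://app.example/callback"


def begin_login(session: dict, scopes=("openid", "profile")) -> str:
    """Phase 1: build the authorization request and remember its security parameters."""
    state = secrets.token_urlsafe(32)     # binds the callback to this browser session
    nonce = secrets.token_urlsafe(32)     # must come back inside the ID token
    verifier = secrets.token_urlsafe(64)  # PKCE secret, never sent in the redirect
    challenge = base64.urlsafe_b64encode(
        hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()
    session["pending"] = {"state": state, "nonce": nonce, "verifier": verifier}
    return AUTHORIZE_URL + "?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "scope": " ".join(scopes), "redirect_uri": REDIRECT_URI,
        "state": state, "nonce": nonce,
        "code_challenge": challenge, "code_challenge_method": "S256"})


def handle_callback(callback_url: str, session: dict) -> dict:
    """Phase 3: accept the code only if state matches, then build the phase 4 form."""
    pending = session.pop("pending", None)  # pop: one login attempt, one callback
    params = parse_qs(urlsplit(callback_url).query)
    if pending is None:
        raise ValueError("no login in progress for this session")
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    returned = params.get("state", [""])[0]
    if not hmac.compare_digest(returned.encode(), pending["state"].encode()):
        raise ValueError("state mismatch: possible CSRF or mixed-up response")
    if len(params.get("code", [])) != 1:
        raise ValueError("expected exactly one authorization code")
    # The HTTP layer adds client authentication (the client credentials) when it
    # POSTs this form to the token endpoint.
    return {"form": {"grant_type": "authorization_code", "code": params["code"][0],
                     "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                     "code_verifier": pending["verifier"]},
            "expected_nonce": pending["nonce"]}  # compare with the ID token's nonce claim
```

Store `session` server-side or in a signed, HttpOnly cookie so the browser cannot alter the pending values.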

This separation between authentication and your application means you never handle sensitive biometric data. Sovos Account performs all verification and provides you with verified identity information. Review the implementation steps to build your integration.