Connecting a mobile app via OIDC

In addition to the standard OIDC/OAuth 2.0 mechanisms, the interaction of the mobile application with Blitz Identity Provider uses the following specifications:

The interaction of the mobile application with Blitz Identity Provider includes the following steps:

  1. Dynamic registration of a mobile application instance in Blitz Identity Provider. The application instance receives a unique client_id / client_secret pair from Blitz Identity Provider.

  2. The user’s initial login to the mobile application using Blitz Identity Provider. The user sets a PIN code or Touch ID/Face ID. The client_id / client_secret pair received from Blitz Identity Provider is saved on the device in encrypted form.

  3. Subsequent user logins using a PIN or Touch ID/Face ID. Authorization in Blitz Identity Provider uses the encrypted client_id / client_secret pair.

  4. Deletion of the received client_id / client_secret pair in Blitz Identity Provider when the user logs out of the mobile application (account change, account logout).
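
The device-side handling of the client_id / client_secret pair in steps 2-4, as an added example that is not part of the Blitz Identity Provider documentation or product code. The key derivation (scrypt), the cipher (AES-256-GCM), the blob layout, the storage key name and the deleteAtIdp callback are assumptions; the page does not specify how the pair is encrypted or which API deletes it.

```javascript
// Added example, not Blitz Identity Provider code. All names and parameters are assumptions.
const crypto = require('node:crypto');

// Assumed scrypt cost; a short PIN has little entropy, so the KDF must be slow.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };
const STORE_KEY = 'blitz_client'; // hypothetical local storage key

function deriveKey(pin, salt) {
  return crypto.scryptSync(pin, salt, 32, SCRYPT);
}

// Step 2: after the first login, seal the pair under a key derived from the PIN.
function sealCredentials(pin, creds) {
  const salt = crypto.randomBytes(16);
  const iv = crypto.randomBytes(12); // fresh nonce for every seal
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(pin, salt), iv);
  const ct = Buffer.concat([cipher.update(JSON.stringify(creds), 'utf8'), cipher.final()]);
  return {
    v: 1,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  };
}

// Step 3: on a repeated login, unseal the pair. A wrong PIN or a modified blob
// fails the GCM tag check and yields null instead of garbage credentials.
function openCredentials(pin, blob) {
  try {
    const b = (s) => Buffer.from(s, 'base64');
    const key = deriveKey(pin, b(blob.salt));
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, b(blob.iv));
    decipher.setAuthTag(b(blob.tag));
    const pt = Buffer.concat([decipher.update(b(blob.ct)), decipher.final()]);
    return JSON.parse(pt.toString('utf8'));
  } catch {
    return null;
  }
}

// Step 4: on logout, ask the IdP to delete the pair (hypothetical callback),
// then drop the local blob so the instance cannot authenticate again.
function logout(store, creds, deleteAtIdp) {
  deleteAtIdp(creds.client_id);
  store.delete(STORE_KEY);
  return !store.has(STORE_KEY);
}
```

On a real device the derived key would normally also be protected by the platform Keychain or Keystore, so that a copied blob cannot be searched offline across the small PIN space.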

Schematically, the sequence of actions in steps 1-2 is shown in the first figure, and step 3 is shown in the second.

The user’s first login to the mobile application:

Repeated user logins to the mobile application: