Documentation Index Fetch the complete documentation index at: https://docs.hopae.com/llms.txt
Use this file to discover all available pages before exploring further.
Overview OpenID Connect (OIDC) is a widely adopted identity layer on top of OAuth 2.0. It standardizes how your application (the Relying Party, RP) verifies a user’s identity with an OpenID Provider (OP) and receives verified identity data in a secure and interoperable way.
With Hopae Connect, your app integrates using standard OIDC discovery, authorization, token, and userinfo endpoints. That means you can use battle‑tested OIDC client libraries instead of building custom flows.
Issuer & Endpoints Use the issuer for the environment you are targeting.
Issuer: https://connect.hopae.comDiscovery: GET /.well-known/openid-configurationAuth: GET /authToken: POST /tokenUserInfo: GET /userinfoJWKS: GET /.well-known/jwks.json
Issuer: https://sandbox.connect.hopae.comDiscovery: GET /.well-known/openid-configurationAuth: GET /authToken: POST /tokenUserInfo: GET /userinfoJWKS: GET /.well-known/jwks.json Why Use OIDC with Hopae Connect
Standards-based: Works with any OIDC-compliant client; no custom protocol.Drop-in libraries: Use established OSS clients with built-in token validation, discovery, and refresh logic.Security best practices: Exact redirect_uri matching, signed JWTs, and JWKS-based key rotation.Simple configuration: One issuer URL enables automatic discovery of all endpoints and capabilities.Clear separation: Verification and OIDC endpoints live on connect.hopae.com (or sandbox), isolated from API resource servers for security and clarity.
How the Flow Works
Send the user to Hopae Connect to start
User verifies identity with an eID and comes back with a code
Your app swaps the code for tokens, then requests user info
Create a session with the verified profile
Wondering what data you’ll get back? See the Return Data Model for normalized claims, assurance, issuers, presentation, and evidence. Explore the Return Data Model → Quick Start Examples Node.js (openid-client)
Python (Authlib)
Go (go-oidc)
Java (Spring Security)
.NET (OpenIdConnect)
import { Issuer } from 'openid-client' const issuer = await Issuer . discover ( 'https://sandbox.connect.hopae.com' ) const client = new issuer . Client ({ client_id: process . env . CLIENT_ID ! , client_secret: process . env . CLIENT_SECRET , // confidential clients only redirect_uris: [ 'https://your.app/callback' ], response_types: [ 'code' ] }) // 1) Redirect user to authorization URL const authUrl = client . authorizationUrl ({ scope: 'openid profile email' , }) // 2) After callback, exchange code for tokens const params = client . callbackParams ( request ) const tokenSet = await client . callback ( 'https://your.app/callback' , params ) const userinfo = await client . userinfo ( tokenSet . access_token ! )
from authlib.integrations.requests_client import OAuth2Session issuer = 'https://sandbox.connect.hopae.com' discovery = requests.get( f ' { issuer } /.well-known/openid-configuration' ).json() client = OAuth2Session( client_id = CLIENT_ID , client_secret = CLIENT_SECRET , # confidential clients only scope = 'openid profile email' ) # 1) Redirect user uri, state = client.create_authorization_url(discovery[ 'authorization_endpoint' ]) # 2) Exchange code token = client.fetch_token( discovery[ 'token_endpoint' ], grant_type = 'authorization_code' , code = auth_code, redirect_uri = REDIRECT_URI , ) # 3) UserInfo resp = client.get(discovery[ 'userinfo_endpoint' ]) user = resp.json()
import ( oidc " github.com/coreos/go-oidc " " golang.org/x/oauth2 " ) ctx := context . Background () provider , _ := oidc . NewProvider ( ctx , "https://sandbox.connect.hopae.com" ) oauth := oauth2 . Config { ClientID : os . Getenv ( "CLIENT_ID" ), ClientSecret : os . Getenv ( "CLIENT_SECRET" ), // confidential only Endpoint : provider . Endpoint (), RedirectURL : "https://your.app/callback" , Scopes : [] string { "openid" , "profile" , "email" }, } // 1) Redirect to oauth.AuthCodeURL(state, ...) // 2) Exchange code: oauth.Exchange(ctx, code) // 3) Verify ID Token and call /userinfo with access token
spring : security : oauth2 : client : registration : hopae : client-id : ${CLIENT_ID} client-secret : ${CLIENT_SECRET} scope : openid, profile, email redirect-uri : https://your.app/login/oauth2/code/hopae authorization-grant-type : authorization_code provider : hopae : issuer-uri : https://sandbox.connect.hopae.com
builder . Services . AddAuthentication ( options => { options . DefaultScheme = CookieAuthenticationDefaults . AuthenticationScheme ; options . DefaultChallengeScheme = OpenIdConnectDefaults . AuthenticationScheme ; }) . AddCookie () . AddOpenIdConnect ( "oidc" , options => { options . Authority = "https://sandbox.connect.hopae.com" ; options . ClientId = Configuration [ "CLIENT_ID" ]; options . ClientSecret = Configuration [ "CLIENT_SECRET" ]; // confidential only options . ResponseType = "code" ; options . Scope . Add ( "openid" ); options . Scope . Add ( "profile" ); options . Scope . Add ( "email" ); });
Recommended Libraries Choose what fits your stack. All are OIDC‑compliant and widely used:
Next Steps
See Returned Data Learn exactly which claims and fields you receive
