Integration Methods

Overview

hConnect offers two integration methods: Webview (OAuth 2.0/OIDC-based approach) and direct API integration. Each has distinct trade-offs in security, complexity, and control.

Architecture Comparison

OAuth 2.0 Authorization Code Flow

Follows OAuth 2.0/OIDC patterns for simplified yet secure integration:

OIDC Full Compliance Coming Soon: We’re actively working on making our Webview integration fully OIDC-compliant, which will provide even better standards compatibility and security features.

Redirect users to hConnect
hConnect handles all provider interactions
Receive authorization code via redirect
Exchange code for ID token

Key Security Features

PKCE: Protection against code interception
State Parameter: CSRF protection
Single-use codes: 60-second TTL
JWT ID Tokens: Standard token format

Implementation Example

// Authorization request with PKCE
const authUrl = new URL('https://sandbox.verify.hopae.com');
authUrl.searchParams.append('client_id', CLIENT_ID);
authUrl.searchParams.append('redirect_uri', REDIRECT_URI);
authUrl.searchParams.append('code_challenge', codeChallenge);
authUrl.searchParams.append('code_challenge_method', 'S256');

Provider Flow Comparison (Example)

Provider	Flow Type	Webview Handling	API Requirements
BankID SE	QR Code	✅ Automatic	QR generation + polling
MitID DK	Redirect	✅ Automatic	Redirect handling
Smart-ID	Push	✅ Automatic	Push UI + polling
DigiD NL	Redirect	✅ Automatic	Multi-step redirects
itsme BE	QR + Push	✅ Automatic	Multi-flow support

Provider Abstraction: Webview handles all provider complexities automatically. API integration requires implementing each provider’s specific flow.

Key Differences

Aspect	Webview	API
Security Model	OAuth 2.0 patterns with PKCE	Custom implementation
Provider Complexity	Abstracted away	Direct handling required
Implementation Time	Quick setup	Extensive development
Control Level	Standard flow	Full customization
Maintenance	Automatic updates	Manual updates

Getting Started

Integrations

Concepts

Integration Methods

Overview

Architecture Comparison

OAuth 2.0 Authorization Code Flow

Key Security Features

Implementation Example

Provider Flow Comparison (Example)

Key Differences

Next Steps

Webview Ingegration

API Ingegration

Getting Started

Integrations

Concepts

​Overview

​Architecture Comparison

​OAuth 2.0 Authorization Code Flow

​Key Security Features

​Implementation Example

​Provider Flow Comparison (Example)

​Key Differences

​Next Steps

Webview Ingegration

API Ingegration

Overview

Architecture Comparison

OAuth 2.0 Authorization Code Flow

Key Security Features

Implementation Example

Provider Flow Comparison (Example)

Key Differences

Next Steps