Partner Integration

This section is for partner and integrator developers building applications
that authenticate citizens or consume RDC / DRC services.

Start here

  • OIDC Integration Guide — authenticate
    citizens with their DRC Pass using the OpenID Connect provider (tri-ekyc).
    Covers client registration, discovery, scopes/claims, the Authorization
    Code + PKCE flow, a working Node.js example, refresh tokens, logout, and a
    security checklist.

How authentication works

Your app is an OIDC relying party. The citizen logs in through the DRC Pass
login UI (drc-pass), and the provider (tri-ekyc) returns identity claims to your
app in a signed ID token.

Your App ──/auth──> tri-ekyc (OIDC Provider) ──> drc-pass (citizen login)
   ^                      │
   └──── id_token ───/token── (Authorization Code + PKCE)

  • Flow: Authorization Code + PKCE (S256) only
  • Claims: delivered in the ID token (no UserInfo endpoint)
  • Token signing: RS256, verified against the published JWKS

Other integration topics

  • API access — service-to-service authentication via x-api-key headers,
    available endpoints, and environments (/develop, /staging, /uat).
  • eKYC & DRC Pass — requesting identity verification and DRC Pass issuance.
  • Partner onboarding — registration via rdc-partner-service, staff
    management, and RBAC.

Reference integrations

  • demo-app/ — minimal OIDC demo client (Authorization Code Flow with PKCE).
  • rdc-trident-simulate/ — Trident Telecom SIM registration portal that logs in
    citizens via tri-ekyc OIDC.

Suggested pages to add next

  1. api-reference.md — REST endpoints and x-api-key auth.
  2. environments.md — base URLs and issuer URLs per environment.
  3. ekyc.md — requesting identity verification / DRC Pass issuance.