What Happens When You Log in With an eID (via Criipto)

Criipto is an eID broker

It’s an intermediary between the eID provider (like MitID or BankID) and the website or app you're logging into.

When you log in using an eID through Criipto, a secure background process takes place to verify your identity and share it with the service you’re trying to access. 

Here’s a simplified breakdown of how it works:

1. You click “Login” 

The process starts when you click a login button on a website or app.

2. Redirect to Criipto

Your browser redirects you to Criipto. The redirect is done according to the OpenID Connect (OIDC) protocol—a widely adopted standard for secure authentication. Depending on the website you’re accessing and the number of eIDs it supports, Criipto will either present a selection of eIDs for you to choose from or, if only one eID is available, take you directly to its login page.

3. Authentication with eID

Criipto guides you through the authentication process with your chosen eID—let's say, MitID. You authenticate by approving the login through the MitID app (or a hardware token). Once the eID provider verifies your identity, it sends a confirmation of successful authentication back to Criipto.

4. Redirect back to the website

Criipto handles the response from the eID provider and redirects your browser back to the original website or app. This process also follows OpenID Connect.

This time, Criipto includes a JSON Web Token (JWT) in the redirect. The contents of the JWT vary depending on the eID provider but typically include:

  • Personal information such as your name and date of birth.
  • Metadata such as the time of login, who issued the token, who it is meant for, etc.

5. You’re logged in

The website receives and validates the JWT to confirm your identity. 

Once this is done, you’re logged in and can access the service.
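The checks behind step 5, sketched as an added example (not Criipto's code or part of the original post): the site verifies the token's signature and then its issuer, audience, expiry and nonce. The RS256 algorithm, the nonce check, the function names and every value (issuer URL, client id, key) are assumptions constructed for illustration.

```javascript
// Added example. Issuer, client id, nonce and key are constructed, not Criipto values.
const { generateKeyPairSync, createSign, createVerify } = require("node:crypto");

const b64url = (s) => Buffer.from(s).toString("base64url");
const parse = (part) => JSON.parse(Buffer.from(part, "base64url").toString("utf8"));
const fail = (reason) => ({ ok: false, reason });

// Validate an ID token: pinned algorithm, signature, then iss / aud / exp / nonce.
function validateIdToken(token, { publicKey, issuer, audience, nonce, now }) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return fail("malformed");
  const [h, p, sig] = parts;
  let header, claims;
  try { header = parse(h); claims = parse(p); } catch { return fail("malformed"); }
  if (!header || !claims) return fail("malformed");
  // Pin the algorithm; never let the token's own header choose it.
  if (header.alg !== "RS256") return fail("unexpected alg");
  const signatureOk = createVerify("RSA-SHA256")
    .update(`${h}.${p}`)
    .verify(publicKey, Buffer.from(sig, "base64url"));
  if (!signatureOk) return fail("bad signature");
  if (claims.iss !== issuer) return fail("wrong issuer");
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(audience)) return fail("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) return fail("expired");
  if (claims.nonce !== nonce) return fail("nonce mismatch");
  return { ok: true, claims };
}

// Constructed fixture: a locally generated key stands in for the broker's signing key.
// A real site would load the issuer's published public key instead.
const { publicKey, privateKey } = generateKeyPairSync("rsa", { modulusLength: 2048 });
function signToken(header, claims) {
  const input = `${b64url(JSON.stringify(header))}.${b64url(JSON.stringify(claims))}`;
  const sig = createSign("RSA-SHA256").update(input).sign(privateKey);
  return `${input}.${sig.toString("base64url")}`;
}

const expected = { publicKey, issuer: "https://broker.example", audience: "my-client-id",
                   nonce: "n-123", now: 1700000000 };
const goodClaims = { iss: expected.issuer, aud: expected.audience, exp: 1700000300,
                     iat: 1700000000, nonce: "n-123", name: "Test Person" };
const goodToken = signToken({ alg: "RS256", typ: "JWT" }, goodClaims);

console.log(validateIdToken(goodToken, expected).ok);
console.log(validateIdToken(signToken({ alg: "RS256" }, { ...goodClaims, aud: "other-site" }), expected).reason);
```

Only after every check passes should the site read the personal information in the claims and create a session.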

One process for all eIDs

The same process applies to any eID integrated via Criipto: MitID, Norwegian BankID, or other European eIDs.

By leveraging the OpenID Connect standard, Criipto provides a consistent, secure, and efficient way to integrate eIDs into any website or application.
