What Happens When You Log in With an eID (via Criipto)

Criipto is an eID broker

It’s an intermediary between the eID provider (like MitID or BankID) and the website or app you're logging into.

When you log in using an eID through Criipto, a secure background process takes place to verify your identity and share it with the service you’re trying to access. 

Here’s a simplified breakdown of how it works:

1. You click “Login” 

The process starts when you click a login button on a website or app.

2. Redirect to Criipto

Your browser redirects you to Criipto. The redirect is done according to the OpenID Connect (OIDC) protocol—a widely adopted standard for secure authentication. Depending on the website you’re accessing and the number of eIDs it supports, Criipto will either present a selection of eIDs for you to choose from or, if only one eID is available, take you directly to its login page.

3. Authentication with eID

Criipto guides you through the authentication process with your chosen eID—let's say, MitID. You authenticate by approving the login through the MitID app (or a hardware token). Once the eID provider verifies your identity, it sends a confirmation of successful authentication back to Criipto.

4. Redirect back to the website

Criipto handles the response from the eID provider and redirects your browser back to the original website or app. This process also follows OpenID Connect.

This time, Criipto includes a JSON Web Token (JWT) in the redirect. The contents of the JWT vary depending on the eID provider but typically include:

  • Personal information such as your name and date of birth.
  • Metadata such as the time of login, who issued the token, who it is meant for, etc.

5. You’re logged in

The website receives and validates the JWT to confirm your identity. 

Once this is done, you’re logged in and can access the service.

One process for all eIDs

The same process applies to any eID integrated via Criipto: MitID, Norwegian BankID, or other European eIDs.

By leveraging the OpenID Connect standard, Criipto provides a consistent, secure, and efficient way to integrate eIDs into any website or application.
