
Authorisation Servers

Add OAuth authorisation servers enabling Data Receivers to discover the configuration of your server, register their client applications, and get access tokens for API access.



In Raidiam Connect, Data Providers add their OAuth Authorisation Servers so that Data Receivers can easily discover the server's configuration, register their client applications, and get access tokens for API access. If the underlying Registration Framework is configured to act as an OpenID Federation, the Data Receiver does not have to register the client, as the responsibility for registering clients lies solely with the Data Provider's Authorisation Server.

An OAuth Authorisation Server, sometimes referred to as an OpenID Provider, is a system that issues access tokens to client applications (the Data Receiver's software) after successfully authenticating the user and obtaining their authorisation. It acts as an intermediary between the client application and the resource server (the Data Provider's APIs), ensuring that access to protected resources is granted securely and based on the resource owner's consent.



The Data Provider's Authorisation Server handles requests for tokens, validates credentials, manages scopes, and maintains security policies, enabling secure delegated access across different applications and services.

Authorisation Server Object

Most of the information and URIs configured for the Authorisation Server are used mainly so that the customer who consents to share their data can discover the server. On a more technical level, client applications mainly use the OpenID discovery document URI, also known as the server's /.well-known endpoint. The document at this URI contains most of the information a Data Receiver's application needs to interact with the server.

| Field | Description | Example |
| --- | --- | --- |
| Customer friendly server name | Defined by the brand. Name shown to the receptor; enter the name without abbreviations so that it can be recognised by the customer who will consent to share data. Maximum of 256 characters. | Raidiam server |
| OpenID discovery document URI | The URI that points to the OpenID discovery document. | |
| Payload signing certificate URI | Location of the signature certificate URI. | https://raidiam.com/payload-uricertificate |
| Customer friendly logo URI | The brand logo URI. For more information, see the logo details below. | https://raidiam.com/logo.svg |
| Developer Portal URI | URI of the developer portal. | https://developers.raidiam.com |
| Terms of service URI | Location of the terms of service URI. | https://raidiam.com/tos |
| Notification webhook endpoint | Endpoint of the webhook notification. This URI is optional and allows the server to receive a notification whenever relevant information on Connect is added or updated. Note: this endpoint needs confirmation. Visit the URL sent to the endpoint within 3 days to confirm the subscription. | webhook.site/97askmbf-c320-4982-b0ff-f7728893aa |
| Description | 1. Character limit: 256 characters. 2. The description cannot have links. 3. Required items in the description: a description of the brand, with additional information so the citizen knows what to choose without doubts. 4. Guidance on what it can contain: organisation introduction text, start date of the institution, institution differences, contact channels. | This is where you can describe your brand, bringing any additional information to help the citizen make the right choice. |
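Because Data Receivers build their whole integration from the OpenID discovery document URI, it is worth checking that document before relying on it. The following is an added example, not Raidiam's code: it applies the checks from OpenID Connect Discovery 1.0 (required metadata, issuer matching the discovery URI, HTTPS endpoints) to a constructed document. The `check_discovery` function and the `as.example.com` host are assumptions made for illustration.

```python
from urllib.parse import urlsplit

SUFFIX = "/.well-known/openid-configuration"
# Fields marked REQUIRED in OpenID Connect Discovery 1.0, section 3
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
            "response_types_supported", "subject_types_supported",
            "id_token_signing_alg_values_supported")
# Endpoint URLs a client will send credentials or tokens to, if present
ENDPOINTS = ("authorization_endpoint", "token_endpoint", "jwks_uri",
             "registration_endpoint", "userinfo_endpoint")

def check_discovery(discovery_uri, document):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if urlsplit(discovery_uri).scheme != "https":
        problems.append("discovery URI is not https")
    for name in REQUIRED:
        if name not in document:
            problems.append(f"missing required field: {name}")
    # The issuer must be exactly the discovery URI minus the well-known suffix
    if discovery_uri.endswith(SUFFIX):
        expected = discovery_uri[:-len(SUFFIX)]
        if "issuer" in document and document["issuer"] != expected:
            problems.append(f"issuer mismatch: expected {expected}")
    else:
        problems.append(f"discovery URI does not end in {SUFFIX}")
    for name in ENDPOINTS:
        value = document.get(name)
        if value is None:
            continue
        parts = urlsplit(value) if isinstance(value, str) else None
        if parts is None or parts.scheme != "https" or not parts.hostname:
            problems.append(f"{name} is not an https URL")
    return problems

# Constructed sample data; as.example.com is a placeholder host
GOOD_URI = "https://as.example.com" + SUFFIX
GOOD_DOC = {
    "issuer": "https://as.example.com",
    "authorization_endpoint": "https://as.example.com/authorize",
    "token_endpoint": "https://as.example.com/token",
    "jwks_uri": "https://as.example.com/jwks",
    "registration_endpoint": "https://as.example.com/register",
    "response_types_supported": ["code"],
    "subject_types_supported": ["public"],
    "id_token_signing_alg_values_supported": ["PS256"],
}
```

An issuer mismatch is the finding to treat most seriously, since it means the document describes a different server from the one whose URI was registered.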

What's Next

  1. Learn about API Resources you can add as a Data Provider.
  2. Add Server.