Technical Integration
OIDC
OpenID Connect integration guide for secure identity verification. Configure OIDC clients, QR code flows, and custom verification scopes in applications.
You can integrate Nuggets’ secure identity verification into your own app using our QR code flow, powered by the OpenID Connect (OIDC) protocol.
After setup, you’ll be prompted to download a private key:
Once created, you’ll be able to view the Client ID and additional configuration options:
These appear during the user’s interaction and help build trust by making it clear what information is being requested and why:
Create a Client
To begin, create a partner account on Nuggets. In the Nuggets Account Portal, an OIDC Application Client is referred to as an “Advanced Check”:Advanced Check (OIDC Application Client)
Configure the Client
When creating an Advanced Check, you’ll be asked to provide your Redirect URI and Sign Out URI:Advanced Check - Configure
Advanced Check - Private Key Download
Keep this key safe and secure – it is critical to your application’s
security.
Advanced Check - Created
Add Verifications
You can now add Verifications to your client. These define the specific credential proofs you’d like to request from the user.Advanced Check - Verifications
Advanced Check - Invite Verifications
If no verifications are configured, users will see “unknown” as the requesting
party on the QR code screen.
Configuring your flow
The user flow is determined by the OIDC scopes you specify. These scopes define what type of verification or information you require from the user during authentication.rightToWork: Request a Right to Work check from the user.kyb: Request the user to verify their business using KYB.ageOver: Request the user is over a specified age. This age will be passed as part of the PAR (Pushed Authorization Request)
How It Works
- Your backend generates a QR code that encodes an OIDC authentication request.
- The user scans the QR code with the Nuggets mobile app.
- The app prompts the user to share the requested Verifiable Credentials (VCs).
- After consent and validation, Nuggets completes the OIDC flow and redirects to your configured
redirect_uriwith a validid_tokenand/oraccess_token. - Your application decodes the token and uses the embedded claims (e.g. DID, age, role) to grant access or customize the experience.
Benefits
- Privacy-first: no passwords, no shared secrets
- Standards-based: built on OIDC and W3C Verifiable Credentials
- User-controlled: users share only what they choose
- Zero visibility: Nuggets runs the provider service inside a Confidential Compute environment—meaning even we can’t see the data being processed