How to integrate the Next Identity Hosted Journeys profile workflow
Next Identity Hosted Journeys supports self-service account management with the profile screen.
In this journey, a user with an active session can visit the profile screen. On this screen an end user can update any allowed field. They can perform actions such as reset their password or choose the answers to security questions, if the configuration allows.
When the user calls Next Identity Journeys via the /personal-details endpoint, if the user already has an active session in the browser, the hosted service will display the personal details page. If the end user does not have an existing browser-based session, the login screen will be displayed to them before the personal details page is shown.
Endpoint URL
The profile request consists of the base domain + the endpoint (/personal-details) + parameters. Available parameters are listed below the example.
https://id.eu.nextreason.com/personal-details?
client_id={{client_id}}
&redirect_uri={{redirect_uri}}
&response_type=code
&state={{state}}
&scope=openid
&access_type=offline
&nonce={{nonce}}
Required Parameters
The following parameters must be included on every request.
Parameter | Description |
---|---|
redirect_uri | The URL the user is redirected to after a successful authentication. |
client_id | The ID used to authenticate the API call. |
response_type | Value that determines the authorization processing flow to be used, including what parameters are returned from the endpoints. The only acceptable value is code. |
scope | OpenID Connect requests must contain the openid scope value. |
Optional Parameters
The following parameters are optional.
Parameter | Description |
---|---|
prompt | Space-delimited, case-sensitive list of ASCII string values that specifies whether the Authorization Server prompts the End-User for reauthentication and consent. The defined values are: |
state | Typically for applications, Cross-Site Request Forgery (CSRF, XSRF) mitigation is done by cryptographically binding the value of this parameter with a browser cookie. This value is required on every call, but the hosted service does not use it in any way; it is solely for use by the application. The application can check whether the returned state value is correct or meets a specified criterion and then perform the expected actions or user journeys on the application side. |
access_type | This parameter is used when making an authorization request. It is typically included as part of the URL parameters when redirecting the user to the authorization server. It informs the authorization server about the type of access being requested. The most common values for access_type are: |
nonce | String value used to associate a client session with an ID token and to mitigate replay attacks. The value is passed through unmodified from the Authentication Request to the ID Token. Sufficient entropy must be present in the |
Configuration Options
The profile screen's menu can be customized according to your application's requirements. The following can be displayed as menu options:
Menu Item | Description |
---|---|
Change Password | Allows the customer to change their password. |
Security | Allows the customer to enable or disable the following: |
Sign Out | Allows the customer to end the session on their active device. |
Sign Out of All Devices | Allows the customer to end the sessions across all devices with active sessions. |
Error Handling
Error | Code | Cause |
---|---|---|
503 | Allows the customer to change their password. | Incorrect client_id |
Security Considerations
While the state parameter is not directly used within the profile endpoint itself, it plays a critical role in ensuring the secure handling of the authorization process that leads to accessing the profile endpoint.
Integration
- Redirect to Authorization Endpoint: Initiate the authentication request.
- Handle Redirect Back with Authorization Code: Capture and process the authorization response.
- Exchange Authorization Code for Tokens: Obtain access and possibly refresh tokens.
- Call Profile Endpoint: Direct a logged-in user to the Profile screen using a URI similar to the following:
https://id.eu.nextreason.com/personal-details?client_id=XXXXXXXXX&redirect_uri=XXXXXXX&response_type=code&scope=openid
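The following is an added example of the application side of these integration steps; it is not code from Next Identity or from this page. It builds the /personal-details request with the parameters listed above, binds a freshly generated state and nonce to the user's server-side session, checks the state when the browser is redirected back to redirect_uri (the CSRF mitigation the Security Considerations section refers to), and checks the nonce against the ID token claims after the code exchange. The client_id, redirect_uri, callback query and session dict are constructed placeholders; the base domain and parameter names are the ones the page gives.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Base domain and endpoint as given on the page. The client_id and redirect_uri
# values used further down are constructed placeholders for this example.
BASE_URL = "https://id.eu.nextreason.com"
PROFILE_PATH = "/personal-details"


def build_profile_url(client_id: str, redirect_uri: str, state: str, nonce: str) -> str:
    """Assemble the /personal-details request from the parameters the page lists."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",  # the only accepted value on this endpoint
        "state": state,
        "scope": "openid",        # OpenID Connect requests must carry the openid scope
        "access_type": "offline",
        "nonce": nonce,
    }
    return f"{BASE_URL}{PROFILE_PATH}?{urlencode(params)}"


def start_profile_journey(session: dict, client_id: str, redirect_uri: str) -> str:
    """Generate fresh state and nonce, bind them to the session, return the redirect URL.

    `session` stands in for the application's server-side session store (assumption:
    a dict whose contents the browser cannot read or modify).
    """
    state = secrets.token_urlsafe(32)
    nonce = secrets.token_urlsafe(32)
    session["oidc_state"] = state
    session["oidc_nonce"] = nonce
    return build_profile_url(client_id, redirect_uri, state, nonce)


def handle_callback(session: dict, callback_url: str) -> str:
    """Validate the redirect back to redirect_uri and return the authorization code.

    The returned state is compared in constant time with the value stored when the
    journey started, and the stored value is consumed on first use, so a forged or
    replayed callback is rejected.
    """
    query = parse_qs(urlparse(callback_url).query)
    returned_state = query.get("state", [None])[0]
    expected_state = session.pop("oidc_state", None)
    if expected_state is None or returned_state is None:
        raise ValueError("callback without a pending state: rejecting response")
    if not hmac.compare_digest(expected_state, returned_state):
        raise ValueError("state mismatch: possible CSRF or replayed response")
    if "error" in query:
        raise ValueError(f"authorization server returned error: {query['error'][0]}")
    code = query.get("code", [None])[0]
    if not code:
        raise ValueError("no authorization code in response")
    return code


def check_nonce(session: dict, id_token_claims: dict) -> bool:
    """After the code exchange, confirm the ID token carries the nonce from the request.

    `id_token_claims` is assumed to be the claim set of an ID token whose signature
    has already been verified; nonce checking does not replace that step.
    """
    expected_nonce = session.pop("oidc_nonce", None)
    received = id_token_claims.get("nonce")
    if expected_nonce is None or received is None:
        return False
    return hmac.compare_digest(expected_nonce, received)


if __name__ == "__main__":
    session = {}
    url = start_profile_journey(session, "example-client-id", "https://app.example/callback")
    print("redirect the user to:", url)
    # Constructed callback such as the hosted service would send to redirect_uri:
    callback = f"https://app.example/callback?code=constructed-auth-code&state={session['oidc_state']}"
    print("authorization code:", handle_callback(session, callback))
```

The state is popped from the session before it is compared, so a second callback carrying the same state fails even if the first one succeeded; the same one-time pattern is applied to the nonce so an ID token cannot be replayed into a later session.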