Getting started with OpenID Connect

The customer portal allows Feide administrators to register and manage applications.

Services registered in the customer portal are synchronized to the Dataporten dashboard, so you don’t need to register a new service in the Dataporten dashboard to register or get access to an API.

If you are registered as an administrator in the Feide customer portal, you can log in to the Dataporten dashboard with the same credentials. Users without a Feide account should choose Feide Guest users when logging in to the Dataporten dashboard.

Authentication

Authentication in Feide can be done using OpenID Connect or SAML. OpenID Connect (OIDC) is the standard for identity verification on top of OAuth 2.0 token-based authorization, and is widely used on the web. With OIDC, the application gets verified information about the user’s identity as well as an access token which it can use to access a set of APIs.

There is also a legacy userinfo API in Feide that does not conform to OIDC, but also provides verified identity information.

Setting up your application

On the customer portal you will get details and credentials to set up your application as an OpenID Connect (OIDC) relying party.

If your client already supports OIDC or OAuth 2.0, the remaining work may just be some simple configuration.

Otherwise, here is more information about how to use OIDC with Feide:

In the customer portal, under the configuration tab or under host organization, you can configure which login providers to enable for end users. This configuration is reflected in the login options available to end users during login. See the login flow.

Using the Groups API

Note

If you cannot find the information you are looking for in OIDC userinfo or in the id_token, it is often available through the groups API.

This API depends on OpenID Connect, but isn’t part of it. Hence, it is not covered by OIDC libraries, or by OIDC documentation and examples available on the net.

A user’s relationships to schools, workplaces, classes, subjects and more are expressed as group memberships. When your application is given a valid access token with one or more of the attribute groups groups-org, groups-edu or groups-other, it can access the groups API to get information about the current group affiliations of the current user.
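Because OIDC libraries do not cover the groups API, the call has to be made by hand with the access token. The following is an added example, not Feide's own code: it refuses to call the API unless the token response lists one of the groups attribute groups, then sends the token as a bearer credential. The endpoint URL, the presence of a scope field in the token response, and the response field names are assumptions to confirm against Feide's API documentation; the token and the reply are constructed.

```python
import io
import json
import urllib.request

# Assumption: endpoint URL; confirm it against Feide's API documentation.
GROUPS_URL = "https://groups-api.dataporten.no/groups/me/groups"
GROUP_SCOPES = {"groups-org", "groups-edu", "groups-other"}  # named on this page


def granted_group_scopes(token_response):
    """Groups attribute groups present in the token response's scope string."""
    return set(token_response.get("scope", "").split()) & GROUP_SCOPES


def build_groups_request(token_response):
    """Build the bearer request; refuse tokens that lack every groups scope."""
    if not granted_group_scopes(token_response):
        raise PermissionError("access token has no groups-* attribute group")
    return urllib.request.Request(
        GROUPS_URL,
        headers={
            "Authorization": "Bearer " + token_response["access_token"],
            "Accept": "application/json",
        },
    )


def fetch_groups(token_response, opener=urllib.request.urlopen):
    """Call the groups API and return the decoded list of group memberships."""
    request = build_groups_request(token_response)
    with opener(request, timeout=10) as response:
        if response.status != 200:
            raise RuntimeError(f"groups API returned HTTP {response.status}")
        groups = json.load(response)
    if not isinstance(groups, list):
        raise ValueError("expected a JSON array of groups")
    return groups


def demo():
    """Offline run: constructed token response and constructed API reply."""
    class FakeResponse(io.BytesIO):
        status = 200
    reply = b'[{"id": "constructed:group:1", "displayName": "Constructed course"}]'
    token = {"access_token": "constructed-token", "scope": "openid groups-edu"}
    return fetch_groups(token, opener=lambda req, timeout: FakeResponse(reply))


if __name__ == "__main__":
    print(demo())
```

In a real integration, leave `opener` at its default and pass the token response your OIDC client received; keep the access token out of logs and URLs.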

Using third party APIs

An important feature of Feide is the possibility to do access control on APIs through the platform.

FS is the Common Student System (Felles studentsystem). It is a study administration system developed for universities, scientific colleges and national university colleges. FS is developed by Sikt.

We hope to be able to expose a large library of APIs with data sources for new services in the education sector.

Group data from FS

Group data from FS is already accessible through the groups API (mentioned above). This is only available to services that integrate with Feide using the OpenID Connect protocol. With group data from FS, the service obtains the following group information for users in higher education: subjects, classes, years and programs. To enable this, check the attribute group groups-edu in the customer portal under the tab “User information” when editing the service.

Screenshot of adding group-edu attribute group

Semester Registration Data

An API returning information about whether a student has paid the semester fee is accessible as a third-party API.

This API is used in services like the digital student ID, which is used by most students in Norway to show whether the student has a valid student certificate based on whether they have paid the semester fee or not.

More information and how to access the API can be found here (requires login), along with contact information for Unit.

To get access, search for Semesterregistreringsdata and request access in the Dataporten dashboard under third-party APIs on your service. Then contact Unit <fs-support@fsat.no> to request that the Semester Registration Data be opened for your service. Unit also wants you to state which institution the service is made accessible for.

Screenshot of request access to Semester Registration Data

Alumni data

An API returning information about alumni is available for several organizations.

This API is used by several universities and colleges’ alumni networks to provide a meeting place for current and former students for knowledge sharing and experience exchange.

More information and how to access the API can be found here (requires login), along with contact information for Unit.

To get access, search for alumni data (“Alumni data from FS <Test / Prod>”) and request access in the Dataporten dashboard under third-party APIs on your service. Then contact Unit to request that alumni data be opened up for your service. Unit also wants you to state which institution the service is made accessible for.

Screenshot of request access to Alumni data
