If you wish to provide a custom web portal or app for your participants, you can leverage their existing MyDataHelps account rather than designing your own separate authentication service.
MyDataHelps supports the OpenID Connect (OIDC) standard for verifying the identity of a user. Using this standard, you can redirect users to MyDataHelps.org for login and then receive a signed identity token (a JSON Web Token with identity claims). If the user is already authenticated (using MyDataHelps in the same browser window), they will not need to log in again.
You first need to obtain a Client ID from the MyDataHelps administrator. They will require the following information for both the test and production projects:
- Name of Application/Site.
- Redirect URI where the OIDC response should be sent. Must be a fully-qualified URI with the HTTPS protocol.
- Project Name.
The OIDC specification suggests client libraries for a variety of technology platforms.
The standard claims are defined by the specification. The “sub” claim will be a stable UUID for the user and MyDataHelps will return the ParticipantIdentifier separately as the “participantidentifier” claim.
If you need to obtain the email address of the user, your software client should also request the “email” scope when redirecting to our OIDC server.
You can find the OIDC metadata at the following location: https://mydatahelps.org/identityserver/.well-known/openid-configuration
The OIDC metadata includes a link to the JWKS URI where you can find the public key of the certificate(s) used to sign the identity tokens. Most client libraries support consuming the OIDC metadata and downloading the certificates automatically.
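The claim checks a relying party should still perform after its client library has verified the token signature against the JWKS keys, shown as an added example (not MyDataHelps code). The `ISSUER` value is an assumption derived from the metadata URL above, and the function name, client ID, nonce and sample claims are constructed for illustration.

```python
import hmac
import time

# Assumption: issuer derived from the metadata URL on this page per OIDC
# Discovery; confirm it against the "issuer" field in the metadata document.
ISSUER = "https://mydatahelps.org/identityserver"


def check_id_token_claims(claims, client_id, expected_nonce, now=None, leeway=60):
    """Validate claims of an ID token whose signature was ALREADY verified
    against the JWKS keys. Returns the identity fields the app should use."""
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER:
        raise ValueError("unexpected issuer")
    # "aud" may be a single string or a list; our Client ID must be in it.
    aud = claims.get("aud")
    audiences = [aud] if isinstance(aud, str) else list(aud or [])
    if client_id not in audiences:
        raise ValueError("token was not issued for this client")
    if len(audiences) > 1 and claims.get("azp") != client_id:
        raise ValueError("multiple audiences without matching azp")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now > exp + leeway:
        raise ValueError("token expired or exp missing")
    # The nonce ties the token to the login request this session started.
    nonce = claims.get("nonce")
    if not isinstance(nonce, str) or not hmac.compare_digest(
            nonce.encode(), expected_nonce.encode()):
        raise ValueError("nonce mismatch (possible replay)")
    sub = claims.get("sub")
    if not isinstance(sub, str) or not sub:
        raise ValueError("sub claim missing")
    return {
        "sub": sub,  # stable UUID: use this as the local account key
        "participant_id": claims.get("participantidentifier"),
        "email": claims.get("email"),  # None unless the "email" scope was requested
    }


# Constructed sample claims (not real MyDataHelps output).
SAMPLE = {
    "iss": ISSUER,
    "aud": "example-client-id",
    "exp": 1_700_000_600,
    "nonce": "n-constructed-123",
    "sub": "3f2b8c1e-0000-4000-8000-000000000001",
    "participantidentifier": "PT-0001",
}
```

Store the nonce in the user's session when you build the login redirect, and pass that stored value as `expected_nonce` when the response arrives at your Redirect URI.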