Overview of INApas
INApas is a national digital identity platform that allows users to access public services with one convenient and secure account. Using the OpenID Connect 1.0 (OIDC) and OAuth 2.0 protocols, INApas ensures secure authorization and authentication according to international standards. The service also uses Multi-Factor Authentication (MFA) to protect user data, so that users can prove their digital identity and access public services in just a few steps. The multi-layered encryption process provides optimal protection for electronic access to public services.
🎯 INApas Objectives
- Simplifying Access to Public Services
  INApas aims to provide one national digital identity that makes it easier for people to access various public services more quickly and practically through only one account.
- Ensuring User Data Security
  Implementing Multi-Factor Authentication (MFA) and security protocols such as OpenID Connect (OIDC) 1.0 and OAuth 2.0 to ensure optimal user data protection.
- Supporting Government Digital Transformation
  INApas is an important foundation in driving digital transformation in Indonesia by providing electronic user data authentication and authorization services.
- Practical User Identification
  INApas enables identity verification through features such as fingerprint, face scan, or PIN, making the identification process more efficient and practical.
- Simplifying the Bureaucratic Process
  With INApas, people no longer need to use multiple accounts or manual verification to access public services, making bureaucracy simpler and more transparent.
- Providing Ease in Digital Life
  INApas is designed to provide convenience and efficiency in everyday life, where people can access various digital services quickly, safely, and seamlessly, supporting more productive activities.
🔗 Benefits of Integration with INApas
🔑 How Do INApas OIDC 1.0 and OAuth 2.0 Work?
Authorization Flow
INApas utilizes the Authorization Code Flow, the most commonly used and secure authentication method in OpenID Connect 1.0 (OIDC) and OAuth 2.0. This flow is specifically designed for client/server-based applications, ensuring enhanced security by issuing an authorization code first, instead of directly providing the ID Token or Access Token to the RP (Relying Party) application.
Work Process
- User Initiates Login
  The user clicks the "Login with INApas" button in the RP application.
- Authorization Request
  The RP application sends an authorization request to the INApas server.
- Authorization Code Issued
  INApas returns an authorization code after the user successfully logs in and gives approval.
- Token Exchange
  The RP application exchanges the authorization code for an Access Token and ID Token to continue the authentication process.
- Token Verification
  The RP application validates the received tokens using JWT assertion to ensure their integrity and authenticity.
With this approach, the authorization code flow ensures higher security as sensitive data is not directly passed to the application frontend, and is only routed through the more secure application backend.
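The RP-side checks in this flow, as an added example that is not INApas or project code: it builds the authorization request with `state` and `nonce`, accepts the callback only for the matching session, and verifies the ID Token. The issuer URL, the `/authorize` path, the client values and the HS256 demo key are assumptions chosen so the block runs with the standard library; a real RP uses the endpoints, algorithm and keys the provider publishes.

```python
import base64, hashlib, hmac, json, secrets, time
from urllib.parse import urlencode

ISSUER = "https://idp.example.invalid"   # placeholders (assumptions), not INApas values
CLIENT_ID = "rp-demo-client"
REDIRECT_URI = "https://rp.example.invalid/callback"

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_auth_request():
    """Authorization Request: fresh state (CSRF) and nonce (token replay) per login."""
    state, nonce = secrets.token_urlsafe(16), secrets.token_urlsafe(16)
    query = urlencode({"response_type": "code", "scope": "openid", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state, "nonce": nonce})
    return f"{ISSUER}/authorize?{query}", state, nonce   # "/authorize" path is assumed

def handle_callback(params: dict, saved_state: str) -> str:
    """Authorization Code Issued: accept the code only if state matches this session."""
    if not hmac.compare_digest(params.get("state", "").encode(), saved_state.encode()):
        raise ValueError("state mismatch")
    return params["code"]

def sign_hs256(claims: dict, key: bytes) -> str:
    """Constructed stand-in for the provider; only used to build sample tokens."""
    signing_input = b64u(b'{"alg":"HS256","typ":"JWT"}') + "." + b64u(json.dumps(claims).encode())
    sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64u(sig)}"

def validate_id_token(token: str, key: bytes, nonce: str, now=None) -> dict:
    """Token Verification: signature first, then issuer, audience, expiry, nonce."""
    head, body, sig = token.split(".")
    if json.loads(b64u_dec(head)).get("alg") != "HS256":   # pin alg; rejects "none"
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_dec(sig)):
        raise ValueError("bad signature")
    claims = json.loads(b64u_dec(body))
    aud = claims.get("aud")
    if claims.get("iss") != ISSUER or CLIENT_ID not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= (time.time() if now is None else now):
        raise ValueError("expired")
    if not hmac.compare_digest(str(claims.get("nonce", "")).encode(), nonce.encode()):
        raise ValueError("nonce mismatch")
    return claims
```

The Token Exchange step itself is a back-channel request from the RP backend and is not shown; the token passed to `validate_id_token` is whatever that exchange returned.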
This guide is designed to provide a thorough understanding of the authentication process, as explained more fully in OIDC 1.0 & OAuth 2.0.
🔐 How Does INApas Multi-Factor Authentication (MFA) Work?
Multi-Factor Authentication (MFA) is an additional security mechanism that ensures users accessing services have passed more than one level of identity verification. INApas implements MFA to improve user authentication security. Here is a brief explanation of how MFA works in INApas:
Process
- Initial Credential Verification
  Users enter their personal data such as NIK, full name, date of birth, email, and mobile number on the “Verification Form” screen. The information is verified using a trusted source (Dukcapil) for demographic data checks to ensure the accuracy and validity of the entered information.
- Biometric Verification (Face)
  Users perform a face scan to validate their identity. The scan is synchronized with a trusted source (Dukcapil) for biometric verification. INApas also uses liveness detection to capture the face in real-time, preventing spoofing.
  - If successful: The user proceeds to the next security step.
  - If unsuccessful: The user is prompted to repeat the facial verification process.
- Additional Verification
  INApas asks users to complete additional verification steps:
  - OTP Code: Sent to the email address provided during the initial stage.
  - OTP Verification: The user approves authentication through the registered device.
- INApas PIN Setup and Local Authentication
  After successful facial and OTP verification, users complete the following steps:
  - Setting a PIN: The user creates and confirms an INApas PIN for added security.
  - Local Authentication: The user verifies their identity through local/device-branded fingerprint or password as an advanced security measure.
- Service Access
  Once all stages are successfully completed, users gain secure access to the public services available through INApas.