The Relying Party is a service that accepts ID4me identifiers to give users an easier login and hand-over of their data.

Implementing the Relying Party role can differ considerably depending on the platform, framework or programming language used. This page summarizes useful material and resources for the most common approaches to Relying Party implementation.

Useful Documents

Client Libraries

| Language | Name | Release | Repository & Documentation | Comments |
|---|---|---|---|---|
| Java | org.id4me:relying-party-api | maven.org | ID4me GitLab | Reference implementation |
| Python | id4me-rp-client | PyPi | ID4me GitLab | Reference implementation |
| PHP | id4me/id4me-rp | Packagist | ID4me GitLab | Only Authentication |
| .NET | ID4me.RP.Client | NuGet | ID4me GitLab | Reference implementation in C# |

Framework Libraries / Extensions

| Framework | Name | Release | Repository & Documentation | Comments |
|---|---|---|---|---|
| Django | django-allauth-id4me | PyPi | ID4me GitLab | ID4me Extension to django-allauth. |
| WordPress | ID4me | GitLab | ID4me GitLab | Based on id4me/id4me-rp, only Authentication |

Button design

Reference designs for the login Button in various formats and sizes are available here: Login_Button.zip.

Implementation tips & hints

As ID4me is based on OpenID Connect, a well-established standard, there are many libraries available which cover a big portion of the protocol, saving precious implementation time. Many frameworks already have built-in support or APIs for Single Sign-On functionality. The support can be either native or through already available plugins or extensions. Before implementing a library from scratch or going for a very custom implementation, it is worth researching the options available for your purpose.

ID4me utilizes some features of OpenID Connect which are not always implemented by available libraries. The usual suspects are Dynamic Client Registration and Distributed Claims. Please make sure the library of your choice has them covered or allows easy extension of the missing part. If you plan to use ID4me's unique feature of specifying reasons for data requirements, which is not a part of OpenID Connect, a custom implementation will most likely be needed.

If you go for your own implementation of OpenID Connect, it is especially advised to use a well-established and tested library for JOSE and JWT, one that implements all necessary checks and is free of known security vulnerabilities. A handy repository of options is available at https://jwt.io/ together with a very useful debugger. The library must support JWE (encrypted) and JWS (signed) tokens, as well as offer handling for JWK and JWKSets.

Tools and testing end-points

Getting a new ID4me Identifier

In order to test your integration you will of course need your own ID4me identifier. You can register one very easily, assuming you have a domain name you can set DNS records on. There is an open instance of an agent working with the Identity Authority instance of DENIC (DENIC ID), available at https://identityagent.de.

Register your ID: https://identityagent.de/register

Debugging Relying Party flow

For debugging purposes there is a Relying Party instance at https://shop.freedom-id.de/ which allows a full run through the login process and displays the relevant tokens.

Postman collection

To debug the particular calls a Relying Party needs to make, you can use this Postman collection and just adjust the end-points or values.

DNS Records resolver

In case a DNS lookup for the TXT record or a DNSSEC check is not possible (for example due to JavaScript sandbox security policies in web browsers), there is a helper end-point available at:

https://lookup.freedom-id.de/lookup/{domain_name}

This service performs the discovery step to get the Identity Authority URL behind an ID, as well as the verification of the required DNSSEC signatures of the corresponding DNS zones. Source code.
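For a Relying Party that performs the discovery step itself, the following added example (not code from the ID4me project) shows the checks to apply to the TXT answer before trusting the Identity Authority it names. It assumes the `v=OID1;iss=...;clp=...` record layout from the ID4me specification, which this page does not show, a bare hostname in `iss`, and a caller that supplies the TXT strings together with its resolver's DNSSEC validation result; the function names, the one-record policy and the sample records in the comments are constructed for illustration.

```python
import re

# Bare hostname only: no scheme, port, path or credentials (assumption of this example).
HOSTNAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


class DiscoveryError(ValueError):
    """Raised when a discovery answer must not be trusted."""


def parse_openid_txt(record: str) -> dict:
    """Split 'v=OID1;iss=...;clp=...' into a dict, rejecting malformed or repeated keys."""
    fields = {}
    for part in record.strip().strip('"').split(";"):
        if not part:
            continue
        key, sep, value = part.partition("=")
        key = key.strip().lower()
        if not sep or key in fields:
            raise DiscoveryError(f"malformed or duplicate field: {part!r}")
        fields[key] = value.strip().lower()
    return fields


def authority_from_answer(txt_records: list, dnssec_validated: bool) -> str:
    """Return the Identity Authority base URL, or raise if the answer is unsafe."""
    if not dnssec_validated:
        # An unsigned answer could be spoofed to send the login to a rogue authority.
        raise DiscoveryError("DNS answer was not DNSSEC-validated")
    # Other TXT records may share the name; only v=OID1 records are considered.
    oid = [parse_openid_txt(r) for r in txt_records
           if r.strip().strip('"').lower().startswith("v=oid1;")]
    if len(oid) != 1:
        # Conservative policy of this example: ambiguity is treated as failure.
        raise DiscoveryError(f"expected exactly one v=OID1 record, found {len(oid)}")
    iss = oid[0].get("iss", "")
    if not HOSTNAME.match(iss):
        raise DiscoveryError(f"iss is not a plain hostname: {iss!r}")
    return f"https://{iss}"


if __name__ == "__main__":
    # Constructed sample answer for a lookup of _openid.<identifier>.
    sample = ['"v=OID1;iss=id.example.test;clp=agent.example.test"']
    print(authority_from_answer(sample, dnssec_validated=True))
```

The returned base URL is where the OpenID Connect configuration of the authority is then fetched; the `iss` claim of every ID token received later should match it.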

Contact us

Let us know if you work on an open source project with ID4me. We will be glad to list a reference to your work on this page.

We are available for any questions you might have during your integration: support@id4me.org

You can also just post a comment.

Come hack with us

ID4me will be one of the featured projects during CloudFest 2019 Hackathon. Maybe we need YOU there?

Come and help to develop ID4me as the best open Digital Identity in the hosting and cloud space.
