Goodbye passwords

Simple. Secure. No downloads
or plugins required.

Protect users from being tracked and having their online activity monetized. LoginIDs Data Privacy solution is a regulatory compliant approach for the storage of private data and meets the EU's GDPR and California's CCPA policies.

Add it to your project
Privacy is a right

Privacy is a right

Technology these days can both help and hinder privacy violations by states and companies. Our solution counters the emerging surveillance state and protects all users from being tracked and having their online activity monetized.

Security matters

Weak authentication leads to increased risk for both consumers and business. LoginID provides the most advanced biometric, multi-device authentication system built with leading standards and regulatory compliance.

Security matters

LoginID provides privacy and solves compliance issues through these three key pillars

Authentication

Authentication

LoginID uses secure hardware and biometrics to authenticate and authorize your customers using FIDO/W3C standards

Fast Identity Online
World Wide Web Consortium
Privacy

Privacy

LoginID utilizes a patent-pending cryptographic method, Secure Data Diffusion Protocol, for securing and tokenizing a customer’s personally identifiable information (PII) across a decentralized blockchain network

Compliance

Compliance

LoginID provides compliance under General Data Protection Rights (GDPR) regulations in Europe and the California Consumer Privacy Act (CCPA) legislation effective January 1, 2020.

General Data Protection Regulation
Payment Services Directive

Developer focused

Our goal is to provide the simplest, fastest way for you to give a industry/regulatory body approved way to help secure customer interactions. As a FIDO2 approved authentication provider, LoginID can help you build secure authentication into any website login/password, ecommerce interaction or smart contract execution.

Start now 
                            


Require_once 'vendor/autoload.php';

$provider = new \League\OAuth2\Client\Provider\GenericProvider([
    'clientId'                => 'demoapp',    // The client ID assigned to you by LoginID
    'clientSecret'            => 'demopass',   // The client password assigned to you by LoginID
    'redirectUri'             => 'https://example.com/your-redirect-url/',
    'urlAuthorize'            => 'https://openiddemo.loginid.io/hydra/oauth2/auth',
    'urlAccessToken'          => 'https://openiddemo.loginid.io/hydra/oauth2/token'
]);

// If we don't have an authorization code then get one
if (!isset($_GET['code'])) {

    // Fetch the authorization URL from the provider; this returns the
    // urlAuthorize option and generates and applies any necessary parameters
    // (e.g. state).
    $authorizationUrl = $provider->getAuthorizationUrl();

    // Get the state generated for you and store it to the session.
    $_SESSION['oauth2state'] = $provider->getState();

    // Redirect the user to the authorization URL.
    header('Location: ' . $authorizationUrl);
    exit;

// Check given state against previously stored one to mitigate CSRF attack
} elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) {

    unset($_SESSION['oauth2state']);
    exit('Invalid state');

} else {

    try {

        // Try to get an access token using the authorization code grant.
        $accessToken = $provider->getAccessToken('authorization_code', [
            'code' => $_GET['code']
        ]);

        // We have an access token, which we may use in authenticated
        // requests against the service provider's API.
        echo $accessToken->getToken() . "\n";
        echo $accessToken->getRefreshToken() . "\n";
        echo $accessToken->getExpires() . "\n";
        echo ($accessToken->hasExpired() ? 'expired' : 'not expired') . "\n";

        // Using the access token, we may look up details about the
        // resource owner.
        $resourceOwner = $provider->getResourceOwner($accessToken);

        var_export($resourceOwner->toArray());

        // The provider provides a way to get an authenticated API request for
        // the service, using the access token; it returns an object conforming
        // to Psr\Http\Message\RequestInterface.
        $request = $provider->getAuthenticatedRequest(
            'GET',
            'https://example.com/oauth2/lockdin/resource',
            $accessToken
        );

    } catch (\League\OAuth2\Client\Provider\Exception\IdentityProviderException $e) {

        // Failed to get the access token or user details.
        exit($e->getMessage());

    }

}
Features for Enterprise and DIY

Features for both Enterprise and DIY

Increase conversions

Simpler, more secure methods for customer signups, subsequent logins and e-commerce transactions

Lower costs

Lower operational resources and costs associated with customer accounts that may have been compromised

Regulatory compliant

GDPR compliant and adheres to PSD2 principles

Convenience for customers

Zero friction around logins for customers

Confidence for customers

Highly secure for customers utilizing customer biometrics and device hardware, based on the leading FIDO2 security standard.

Get started!

Add secure, password-less, private logins to your website and/or mobile app

It's easy!