Introduction
Finna has support for OpenID Connect that allows third parties to request user authorization while giving the user control over the process. The user can see what information is being requested and grant or deny the request case by case.
See OpenID Connect Primer for an introduction into OIDC and how the process works.
Instructions and Guidelines
- Please contact [email protected] first.
- The service is only available on agreement.
- Make sure to request only the bare minimum of information you need for required functionality. For instance if you need to know user's age, use the age scope instead of birthdate.
- Please note that Finna consists of different instances for specific audiences. To limit the eligible user accounts, use the OIDC provider of a specific instance instead of finna.fi.
Supported functionality
Finna supports the authorization code flow.
The following scopes are available in addition to the standard scopes openid, profile, email, address and phone defined by the OIDC specification:
| Scope | Description |
|---|---|
| id | User's unique identifier in Finna |
| name | User's name (full name, first name, last name) |
| age | User's age calculated from birthdate (see below) |
| birthdate | User's birthdate returned by a library for a library card |
| locale | User's current language |
| block_status | Whether the user has blocks (e.g. a borrowing block) placed for their library card. Possible values are true (blocks set), false (no blocks) or null (status unknown) |
| library_user_id | A unique one-way hash of user's identifier in the library system |
| library_card | User's library card number |
| auth_method | User's primary authentication method |
