TRY TRIAD
ONE REQUEST.
TWO FLOWS.
Configure what the demo client asks for, then use a browser redirect or device code. Both paths return the same verifiable identity contract.
CONFIGURE THE CLIENT REQUEST
Requested profile claims default off here. Any selected claim is required for the transaction and shown again at consent.
Loading enabled providers...
01 / BROWSER
AUTHORIZATION CODE + PKCE
Triad creates a 64-byte verifier, sends only its S256 challenge, and checks state before exchanging the returned code.
- CLIENT
- triad-demo
- PROVIDER
- loading
- VERIFICATION
- ES256 + JWKS
Loading enabled providers.
02 / DEVICE
DEVICE AUTHORIZATION
Start a device grant, approve the displayed code in another browser tab, and leave this page open while it polls.
USER CODEOPEN VERIFICATION PAGE ↗
No device request is active.
SIGNATURE VALID
VERIFIED IDENTITY
- pairwise_sub App-scoped. Different for every client.
- account_sub Broker-global. Correlates this account across Triad clients.
- provider_sub Provider-global and correlatable across Triad clients that receive it.