This article pairs with another article: “Technical Review of Civic’s Secure Identity Platform”. The verdict is that the current implementation has some very strange design decisions that do not add anything to the overall security. Instead, a standardised approach should have been taken using OAuth or OpenID Connect, as opposed to the current self-rolled authentication protocol.
To get started with civic, I’m going to use it as an authentication method in an ASP.NET Core application. This will use the ASP.NET Core MVC Visual Studio template, with no authentication. Authentication is going to be triggered manually using a login button in the sites header.
You can find the completed proof of concept on GitHub.Read more