Login with your Romanian ID card
A single tap of your ID card replaces registration and login — no password, no form, with MAI-verified data.
How it works for your clients
Your users authenticate on your website with their ID card — no password, no form.
The website shows a QR code. Open EidKit on your phone and scan it.
Enter the CAN (6 digits on the front of the card) and the 4-digit PIN set at MAI.
Hold your ID card to the back of your phone. Your identity is cryptographically verified — you're authenticated.
Shared data (name, date of birth, address) comes directly from the ID card chip, verified by MAI — not entered manually by you. Your CNP is never shared with the website unless explicitly requested.
Websites that accept ID card authentication:
Add ID card login to your platform
EidKit SSO works like any other OIDC provider — same flow as Google Sign-In or Apple Sign-In. Your users authenticate by tapping their card, you receive MAI-verified data.
There is no difference between registration and login. The first card tap creates the account automatically — no form, no email, no password.
Name, date of birth, and address come directly from the ID card chip, cryptographically verified by MAI. You don't depend on what the user types.
The server issues no token without cryptographic proof that the user holds the physical card and knows the PIN. Cryptographic binding between identity and chip (Chip Authentication, BSI TR-03110) makes the split-proof attack impossible. No captured password, no screenshot, no cloning can pass the check.
Client ID, Client Secret, redirect URI — exactly like any other provider. If you've ever integrated Google or GitHub OAuth, you already know everything you need.
Contact us for access and we'll configure your first OIDC client.