Architecture
The Web SDK sits between your web application and the SophID mobile flow.
Browser Flow
- Request a
BSTfrom your server. - Pass that session data into the SDK.
- Launch the mobile handoff.
- Wait for a signed
BRT. - Submit or return the result for server-side verification.
Supported Contexts
- Phone browsers with deep links
- Desktop browsers using QR handoff
Design Goal
The browser owns transport and user interaction. The backend remains the source of truth for token creation and verification.