# Aritma ID

Aritma ID is a security token service. To access any Aritma API you need to get
tokens from Aritma ID. The token service has a few responsibilities:

- [User registration](#user-registration)
- [Application registration](#application-registration)
- Initiate and maintain user sessions
- [Issue user security tokens](#user-security-tokens)
- [Issue application security tokens](#application-security-tokens)


## Open ID Connect

Aritma ID supports OpenID Connect (OIDC). The OIDC discovery document is available at:
`https://id.aritma.io/{tenant}/.well-known/openid-configuration`.
For existing integrations use `common` tenant (`https://id.aritma.io/common/.well-known/openid-configuration`).

> *NOTE* `https://id.aritma.io/.well-known/openid-configuration` will remain functional for backward compatibility.


## Tenancy

Aritma ID support [tenancy](/apis/platform/ids/tenants). After you have recieved a tenant and finished all initiating processes,
the users can create new Aritma ID accounts for that tenant.

### User registrations

To get a Aritma ID user, browse to `https://id.aritma.io/{tenant}/User/Registration/CreateAccount`.

## Application registration

For application registration, see [Clients overview](/apis/platform/iam/clients/overview).

## Authorization flows

### User security tokens

The token service support the following user authorization flows:

- [Authorization Code Flow](/apis/platform/ids/flows/authorization-code)
- [Authorization Code Flow with PKCE](/apis/platform/ids/flows/authorization-code-with-pkce)
- [Device Code](/apis/platform/ids/flows/device-code)


### Application security tokens

The token service support the following application authorization flows:

- [Client Credentials](/apis/platform/ids/grants/client_credentials)
- [Client Assertions](/apis/platform/ids/grants/client_assertion)
- [Delegation](/apis/platform/ids/grants/delegation) (aka token exchange)
- [Refresh Token](/apis/platform/ids/grants/refresh_token)