Version: 2.2.0

Consent management

Consent management is used to obtain user consent, e.g. during registration, at login, or when a specific action is performed. The terminology is as follows:

  • consent group: A consent group can consist of multiple different consents, e.g. data privacy policy, terms and conditions. It can be assigned to a particular client or to a particular registration field. In cidaas, a consent group is uniquely identified by its consent-group-id.
  • consent instance: A consent instance represents one particular consent, e.g. the data privacy policy. In cidaas, a consent is uniquely identified by its consent-id.
  • consent version: Each consent can have different versions, e.g. because of changed regulatory requirements or additional data that needs to be requested. In cidaas, a consent version is uniquely identified by its consent-version-id.

Legal types define the legal basis for data processing according to GDPR:

  • consent: User has given explicit consent for the processing of their personal data (Art. 6(1)(a) GDPR)
  • contract: Processing is necessary for the performance of a contract (Art. 6(1)(b) GDPR)
  • legal_obligation: Processing is necessary for compliance with a legal obligation (Art. 6(1)(c) GDPR)
  • vital_interests: Processing is necessary to protect vital interests (Art. 6(1)(d) GDPR)
  • public_authority: Processing is necessary for the performance of a task carried out in the public interest (Art. 6(1)(e) GDPR)
  • legitimate_interests: Processing is necessary for the purposes of legitimate interests (Art. 6(1)(f) GDPR)

Consent types define how consent is obtained:

  • actionbased: Consent is requested when a specific action is performed (e.g., when the user clicks a button)
  • declarative: Consent is requested during registration or login flow

Note: Consent type is only applicable when legal type is consent.

Deonticity

Deonticity defines whether consent is mandatory or optional:

  • required: The consent must be accepted to proceed
  • optional: The consent can be skipped
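
The rules above can be checked mechanically before a consent group is used in a registration or login flow. The following Python code is an added example, not cidaas code or part of the cidaas API: the record layout, the function names and the sample ids are hypothetical. It assumes that a consent type must be present when the legal type is consent, and that only acceptance of the current consent version counts as accepted.

```python
from dataclasses import dataclass
from typing import Optional

LEGAL_TYPES = {"consent", "contract", "legal_obligation", "vital_interests",
               "public_authority", "legitimate_interests"}
CONSENT_TYPES = {"actionbased", "declarative"}
DEONTICITY = {"required", "optional"}

@dataclass(frozen=True)
class Consent:
    # Hypothetical record layout; field names are not taken from the cidaas API.
    consent_id: str
    current_version_id: str
    legal_type: str
    deonticity: str
    consent_type: Optional[str] = None

def validate(c):
    """Return the rule violations for one consent definition."""
    errors = []
    if c.legal_type not in LEGAL_TYPES:
        errors.append(f"{c.consent_id}: unknown legal type {c.legal_type!r}")
    if c.deonticity not in DEONTICITY:
        errors.append(f"{c.consent_id}: unknown deonticity {c.deonticity!r}")
    if c.legal_type == "consent":
        # Assumption: a consent type must be present when the legal type is consent.
        if c.consent_type not in CONSENT_TYPES:
            errors.append(f"{c.consent_id}: invalid consent type {c.consent_type!r}")
    elif c.consent_type is not None:
        errors.append(f"{c.consent_id}: consent type set for legal type {c.legal_type!r}")
    return errors

def evaluate_group(group, accepted_version_ids, flow="declarative"):
    """Split a group's unaccepted consents for one flow into blocking and skippable."""
    errors = [e for c in group for e in validate(c)]
    if errors:
        raise ValueError("; ".join(errors))  # fail closed on a malformed definition
    # Assumption: only acceptance of the current version counts as accepted.
    pending = [c for c in group
               if c.consent_type == flow and c.current_version_id not in accepted_version_ids]
    return {"blocking": [c.consent_id for c in pending if c.deonticity == "required"],
            "skippable": [c.consent_id for c in pending if c.deonticity == "optional"]}

# Constructed sample group; the ids are illustrative, not real cidaas identifiers.
SAMPLE_GROUP = [
    Consent("privacy-policy", "pp-v2", "consent", "required", "declarative"),
    Consent("newsletter", "nl-v1", "consent", "optional", "declarative"),
    Consent("export-data", "ex-v1", "consent", "required", "actionbased"),
    Consent("billing", "bill-v1", "contract", "required"),
]
```

With the sample group, a user who accepted only an older privacy policy version is blocked at login until the current version is accepted, while the newsletter consent stays skippable.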

Processing Purposes

Processing purposes describe why personal data is being collected and processed. This helps users understand the purpose of data collection and is required for GDPR compliance.

To learn more about cidaas consent management, read our exclusive documentation.

Authentication

Security Scheme Type: oauth2

OAuth Flow (authorizationCode):

Scopes:

  • cidaas:consent_read: can read consents
  • cidaas:consent_write: can write consents
  • cidaas:consent_delete: can delete consents
  • profile: OpenID scope profile, gives access to the user profile
  • cidaas:users_read: can read user information
  • cidaas:users_write: can write user information

OAuth Flow (clientCredentials):

Scopes:

  • cidaas:consent_read: can read consents
  • cidaas:consent_write: can write consents
  • cidaas:consent_delete: can delete consents