Users get one ThomasID account, one login flow, and one place to see every connected service and the data each service keeps under their identity.
After login, users can see every connected service, when it last used their ThomasID, and the exact JSON payload stored for that service.
Other services redirect users to ThomasID, receive a 24-hour token, and then read or write service-specific data using the API.