[Openid-specs-mobile-profile] Issue #45: Server-initiated Authentication (openid/mobile)

Torsten Lodderstedt issues-reply at bitbucket.org
Fri May 27 08:45:07 UTC 2016

New issue 45: Server-initiated Authentication

Torsten Lodderstedt:

The MODRNA WG will propose a reasonable mechanism to perform authentication in cases where no user agent is available and the authentication process needs to be initiated via server-to-server communication. Use cases are, for example, user authentication in the context of a call center call. The idea is to introduce an extension to the token endpoint (TBD: new grant type or JWT bearer assertion), which is used in conjunction with the standard scope value “openid” and potentially other OIDC scope values and parameters to initiate the authentication. The authentication process is conducted out of band using the same mechanisms the ID gateway uses for the standard Mobile Connect/OpenID Connect authentication flow via browser redirect.
To be considered:
*	callback/polling needed
*	RP potentially knows MSISDN or PPID and wants to enforce it (2nd factor authentication via Mobile Connect)
