[Openid-specs-mobile-profile] Issue #62: CIBA - Support for Spam Prevention code in Authentication Request (openid/mobile)

Petteri Stenius issues-reply at bitbucket.org
Tue Oct 31 15:22:45 UTC 2017

New issue 62: CIBA - Support for Spam Prevention code in Authentication Request

Petteri Stenius:

In the Finnish Mobile PKI service end users may opt-in for a Spam Prevention code [1]. The code must be delivered with the user's Phone Number to the Mobile PKI operator to initiate mobile authentication process.

The Estonian and Lithuanian Mobile PKI service requires as input the end user's Phone Number and Personal Identification Code [2].

Should there be support for these kinds of fields in the CIBA Authentication Request? 

It may be possible to encode these fields as service specific claims in login_hint_token, unless the login_hint_token is received from the discovery service.

[1] http://mobiilivarmenne.fi/wp-content/uploads/2017/05/MSS_FiCom_Implementation_guideline.pdf, chapter
[2] http://sk-eid.github.io/dds-documentation/#starting-mobile-id-operations

More information about the Openid-specs-mobile-profile mailing list