[Openid-specs-mobile-profile] CIBA's Backchannel Authentication Endpoint

Brian Campbell bcampbell at pingidentity.com
Fri Jul 6 20:34:47 UTC 2018


CIBA introduces a new endpoint sometimes called Backchannel Authentication
Endpoint and sometimes called bc-authorize (also kinda implying that
bc-authorize should be the actual path, which is something that shouldn't
be dictated by spec). The new endpoint should be introduced/described in
the spec with a consistent name, and the spec should then define and register
a new Authorization Server Metadata parameter for it that allows the AS to
determine the endpoint URI and publish it in metadata. The OAuth 2.0 Device
Flow does this with its Device Authorization Endpoint (in
https://tools.ietf.org/html/draft-ietf-oauth-device-flow-10#section-2 and
https://tools.ietf.org/html/draft-ietf-oauth-device-flow-10#section-4 and
https://tools.ietf.org/html/draft-ietf-oauth-device-flow-10#section-7.3)
which is similar in many respects to CIBA's new endpoint and is a good
pattern to follow.

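An added example, not part of the original message or of the CIBA spec text: a client that resolves the endpoint from Authorization Server Metadata instead of assuming a fixed path such as bc-authorize. The parameter name `backchannel_authentication_endpoint` is the one CIBA Core later registered and does not appear in the message; the issuer, URLs and metadata document are constructed sample values.

```python
from urllib.parse import urlsplit

# Assumed parameter names (neither is spelled out in the message above).
CIBA_PARAM = "backchannel_authentication_endpoint"  # later registered by CIBA Core
DEVICE_PARAM = "device_authorization_endpoint"      # Device Flow's analogous parameter

# Constructed sample: the AS picks its own path, which is not "/bc-authorize".
ISSUER = "https://as.example.com"
SAMPLE_METADATA = {
    "issuer": ISSUER,
    "token_endpoint": "https://as.example.com/oauth/v2/token",
    CIBA_PARAM: "https://as.example.com/oauth/v2/backchannel-authn",
}


class MetadataError(ValueError):
    """The metadata document cannot be trusted or lacks the endpoint."""


def resolve_endpoint(expected_issuer, metadata, param=CIBA_PARAM):
    """Return the endpoint URI the AS published under `param`.

    Raises MetadataError rather than falling back to a guessed path.
    """
    # RFC 8414: the issuer in the document must be identical to the issuer
    # the client used to locate it, otherwise another party's document
    # could redirect authentication requests.
    if metadata.get("issuer") != expected_issuer:
        raise MetadataError("issuer mismatch in metadata document")

    uri = metadata.get(param)
    if not isinstance(uri, str) or not uri:
        raise MetadataError(f"{param} is not published by this AS")

    parts = urlsplit(uri)
    if parts.scheme != "https" or not parts.hostname:
        raise MetadataError(f"{param} must be an absolute https URI")
    if parts.fragment:
        raise MetadataError(f"{param} must not contain a fragment")
    return uri


if __name__ == "__main__":
    print(resolve_endpoint(ISSUER, SAMPLE_METADATA))
```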

