[Openid-specs-ab] Using OIDC for "device authentication"
George Fletcher
gffletch at aol.com
Mon Oct 2 15:46:24 UTC 2017
I'm just curious if anyone else has looked at trying to leverage the
OIDC redirect flow but instead of doing end-user authentication...
authenticating the device. I have a use case where one property needs to
redirect the device to the OP and get back a code to exchange for
tokens. The "subject" of the token is the device identifier not the
end-user.
I realize that OIDC was not really designed for this, but it does have a
lot of the protections needed for redirect based protocols:)
Thanks,
George
More information about the Openid-specs-ab
mailing list