[Openid-specs-ab] Using OIDC for "device authentication"

rich levinson rich.levinson at oracle.com
Mon Oct 2 23:00:11 UTC 2017


Hi George,

I have not explicitly verified this; however, I would imagine that a user
using a client device could, in theory, launch a request using the
OIDC Authorization Code flow from that device, where the user could
provide the client creds for login, and if the az-svr accepted that for
login then the identity and access tokens would have the device
id as the subject, I think.

   Thanks,
   Rich


On 10/2/2017 11:46 AM, George Fletcher via Openid-specs-ab wrote:
> I'm just curious if anyone else has looked at trying to leverage the OIDC redirect flow but instead of doing end-user authentication... authenticating the device. I have a use case where one property needs to redirect the device to the OP and get back a code to exchange for tokens. The "subject" of the token is the device identifier not the end-user.
>
> I realize that OIDC was not really designed for this, but it does have a lot of the protections needed for redirect based protocols :)
>
> Thanks,
> George