[Openid-specs-ab] Using OIDC for "device authentication"
George Fletcher
gffletch at aol.com
Tue Oct 3 01:52:37 UTC 2017
Hi Rich,
Yes, that would work, though it requires the user to know the client
credentials. That might be weird for a consumer to know and, for public
clients that don't have a secret, would mean just the client_id. I'll
have to think about this.
Thanks,
George
On 10/2/17 7:00 PM, rich levinson wrote:
> Hi George,
>
> I have not explicitly verified this, however, I would imagine that a user
> using a client device could, in theory, launch a request using the
> OIDC Authorization Code flow from that device, where the user could
> provide the client creds for login, and if the az-svr accepted that for
> login then the identity and access tokens would have the device
> id as the subject, I think.
>
> Thanks,
> Rich
>
>
> On 10/2/2017 11:46 AM, George Fletcher via Openid-specs-ab wrote:
>> I'm just curious if anyone else has looked at trying to leverage the
>> OIDC redirect flow but instead of doing end-user authentication...
>> authenticating the device. I have a use case where one property needs
>> to redirect the device to the OP and get back a code to exchange for
>> tokens. The "subject" of the token is the device identifier not the
>> end-user.
>>
>> I realize that OIDC was not really designed for this, but it does
>> have a lot of the protections needed for redirect based protocols :)
>>
>> Thanks,
>> George