[Openid-specs-ab] Issue #1401: Advanced cross device flow for SIOP (openid/connect)

tlodderstedt issues-reply at bitbucket.org
Thu Jan 20 10:55:44 UTC 2022


New issue 1401: Advanced cross device flow for SIOP
https://bitbucket.org/openid/connect/issues/1401/advanced-cross-device-flow-for-siop

Torsten Lodderstedt:

The current cross device flow works fine; however, it forces the RP to make assumptions about the SIOP/wallet the user might choose to process the SIOP request.

I propose to investigate an advanced flow that involves an advertisement/discovery step and allows RP and SIOP to better adjust the flow to each other's capabilities.

The RP could render a QR code that gives rise to its capabilities and endpoints. The user then scans that QR code with the wallet of her choice.

The wallet uses the QR code data and sends a request to the RP containing its capabilities and endpoints/identifiers in a direct HTTPS POST request.

In the HTTPS POST response, the RP directly sends the authentication request data (tailored for the particular SIOP).

As already noted, this flow would allow the RP and the SIOP to tailor the requests to each other's capabilities. Also, the QR code could potentially be static and concise.
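
The three steps proposed above, as an added Python sketch that is not part of the original message or of any OpenID specification. The issue defines no wire format, so the `siop-discovery` scheme, the `rp_endpoint` and `chosen_*` names, the RP URLs and the sample wallet capabilities are all assumptions made for illustration.

```python
import json, secrets
from urllib.parse import urlencode, urlparse, parse_qs

# Hypothetical RP settings (constructed for this example).
RP = {
    "client_id": "https://rp.example/cb",
    "endpoint": "https://rp.example/siop/hello",
    "subject_syntax_types_supported": ["urn:ietf:params:oauth:jwk-thumbprint", "did:example"],
    "id_token_signing_alg_values_supported": ["ES256", "EdDSA"],
}
# Constructed wallet capabilities, sent as the POST body in step 2.
WALLET = {
    "subject_syntax_types_supported": ["did:example"],
    "id_token_signing_alg_values_supported": ["EdDSA", "ES256K"],
}

def rp_qr_payload():
    """Step 1: static QR content advertising the RP endpoint and capabilities."""
    return "siop-discovery://?" + urlencode({
        "rp_endpoint": RP["endpoint"],
        "subject_syntax_types": ",".join(RP["subject_syntax_types_supported"]),
    })

def wallet_post(qr, wallet_caps):
    """Step 2: wallet reads the QR and prepares its direct HTTPS POST."""
    url = parse_qs(urlparse(qr).query)["rp_endpoint"][0]
    if urlparse(url).scheme != "https":
        raise ValueError("RP endpoint must be HTTPS")
    return url, json.dumps(wallet_caps)

def rp_respond(body):
    """Step 3: RP picks mutually supported values and tailors the request."""
    caps = json.loads(body)
    def pick(key):
        common = [v for v in RP[key] if v in caps.get(key, [])]
        if not common:
            raise ValueError(f"no common value for {key}")
        return common[0]  # first match in the RP's order of preference
    return {
        "response_type": "id_token",
        "scope": "openid",
        "client_id": RP["client_id"],
        "nonce": secrets.token_urlsafe(16),  # fresh per POST; the QR itself is static
        "chosen_subject_syntax_type": pick("subject_syntax_types_supported"),
        "chosen_alg": pick("id_token_signing_alg_values_supported"),
    }
```
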


