[Openid-specs-ab] Issue #1571: [CIBA] Include an optional "auth_req_hint" in the successful authentication request acknowledgement (openid/connect)

Vivek Shankar issues-reply at bitbucket.org
Thu Jul 21 18:00:46 UTC 2022


New issue 1571: [CIBA] Include an optional "auth_req_hint" in the successful authentication request acknowledgement
https://bitbucket.org/openid/connect/issues/1571/ciba-include-an-optional-auth_req_hint-in

Vivek Shankar:

The enhancement here is proposed in: https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html#rfc.section.7.3

Given the means to perform user authentication is left to the authorization server, it is proposed that there be a means to inform the client of how that authentication is to be performed to provide appropriate instructions/feedback to the user.


For example: A user chooses to print photos from a kiosk and has initiated payment through his bank.

1. Authorization server (that implements client-initiated backchannel authentication) chooses the method of authentication. Let's assume this is a push notification to an app installed on the user's smart phone, if the user has the authenticator registered. Otherwise, it uses a different means, say an SMS with a URL link to complete authentication through a mobile browser.
2. Proposal: Include `auth_req_hint` in the response to indicate that a push notification (or an SMS) has been sent along with a correlation ID that is included in the message.


While this could be implemented as a proprietary extension to the specification, in order to ensure RPs are able to support this parameter, it should be included in the spec.
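As an added illustration of the proposal (example code, not from the issue or the CIBA spec), the following models the authorization server's successful acknowledgement from section 7.3 (`auth_req_id`, `expires_in`, `interval`) extended with the proposed optional `auth_req_hint`, and an RP that turns the hint into user instructions. The object shape of the hint (`method`, `correlation_id`) is an assumption for illustration; an RP that does not understand the hint, or the method in it, falls back to generic feedback.

```python
import secrets

# Methods this hypothetical RP knows how to explain to the user.
# The shape of "auth_req_hint" is assumed for illustration; CIBA itself
# defines only auth_req_id, expires_in and interval in the acknowledgement.
INSTRUCTIONS = {
    "push": "Approve the notification sent to your banking app (reference {ref}).",
    "sms": "Open the link in the SMS sent to your phone (reference {ref}).",
}
GENERIC = "Complete the authentication on your registered device."


def build_acknowledgement(method: str, poll_interval: int = 5) -> dict:
    """Authorization-server side: the spec-defined acknowledgement plus the
    proposed hint. The correlation ID is display-only; it must not be usable
    to poll for or complete the authentication, so a shown reference leaks
    nothing that auth_req_id protects."""
    ack = {
        "auth_req_id": secrets.token_urlsafe(32),  # opaque, spec-defined
        "expires_in": 120,
        "interval": poll_interval,
    }
    if method in INSTRUCTIONS:
        ack["auth_req_hint"] = {
            "method": method,
            "correlation_id": secrets.token_hex(3).upper(),  # short, user-visible
        }
    return ack


def user_instructions(ack: dict) -> str:
    """RP side: derive user feedback from the (already parsed) acknowledgement.
    Absence of the hint, a malformed hint, or an unknown method all degrade
    to the generic message so older RPs and new methods keep working."""
    if "auth_req_id" not in ack:
        raise ValueError("not a successful CIBA acknowledgement")
    hint = ack.get("auth_req_hint")
    if not isinstance(hint, dict):
        return GENERIC
    template = INSTRUCTIONS.get(hint.get("method"))
    if template is None:
        return GENERIC
    return template.format(ref=hint.get("correlation_id", "n/a"))
```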
