CIBA: Means to require "acr" as "essential"

Issue #103 resolved
Takahiko Kawasaki
created an issue

Is there any plan to add request parameters for the backchannel authentication endpoint that can require "acr" as "essential" (like the "claims" request parameter in OIDC Core)?

I'm sorry I don't know whether there exists any actual need for it, but I just wanted to point out that the current CIBA specification does not provide any means to require "acr" as essential.

Comments (7)

  1. Brian Campbell

    This should probably be discussed on the next call (in a few hours).

    I don't know if there's an actual need for it either.

    I think that something complicated like the "claims" request parameter from OIDC Core would be overkill in CIBA.

    If folks feel there is a need for something here, we could perhaps add some text to the acr_values parameter saying that acr should be in the resulting ID Token when the acr_values parameter was present in the request.

  2. Brian Campbell

    Discussed during the Nov 13 MODRNA WG call and there was general consensus to add some language to the acr_values parameter that strongly recommends acr be in the resulting ID Token when the parameter is present in the request.

  3. Log in to comment