Specify Authentication Device
Is there any way that the user could specify a certain authentication device with which he wants to authenticate?
[since he is registered to OP with many Authentication devices].
Any parameter that could help OP to identify the preference of devices?
Comments (4)
-
-
acr_values could be used (or misused) to indicate a certain authentication device. Such info could also be included within the login_hint_token. Both would require some prior coordination between the parties.
-
reporter Thanks, Brian. This is what I am looking for.
And Bjorn, I meant specific device. Say I logged into a banking application with my smartphone and a tab. And I am at a mall and need to specify that now I have my phone so that the Authorization server could push authentication request to my phone only!
-
- changed status to resolved
Discussed on the call. As mentioned ACR values "could" be used with prior co-ordination between parties. However the WG is not in favour of RPs specifying authentication devices.
- Log in to comment
Is your question related to type of authentication or a specific device? If specific device, what’s the use case/requirements that would support this?