Specify Authentication Device

Issue #168 resolved

Christopher Vivek Vinushanth created an issue 2019-10-06

Is there any way that the user could specify a certain authentication device with which he wants to authenticate?

[since he is registered to OP with many Authentication devices].

Any parameter that could help OP to identify the preference of devices?

Comments (4)

Bjorn Hjelm
Is your question related to type of authentication or a specific device? If specific device, what’s the use case/requirements that would support this?
- 2019-10-07T17:12:02+00:00
Brian Campbell
acr_values could be used (or misused) to indicate a certain authentication device. Such info could also be included within the login_hint_token. Both would require some prior coordination between the parties.
- 2019-10-09T12:46:22+00:00
Christopher Vivek Vinushanth reporter
Thanks, Brian. This is what I am looking for.

And Bjorn, I meant specific device. Say I logged into a banking application with my smartphone and a tab. And I am at a mall and need to specify that now I have my phone so that the Authorization server could push authentication request to my phone only!

‌
- 2019-10-16T03:29:45+00:00
Dave Tonge
- changed status to resolved
Discussed on the call. As mentioned ACR values "could" be used with prior co-ordination between parties. However the WG is not in favour of RPs specifying authentication devices.
- 2019-10-29T14:10:44+00:00
Log in to comment