Server-initiated Authentication
Issue #45
resolved
The MODRNA WG will propose a reasonable mechanisms to perform authentication in cases, where no user agent is available and the authentication process needs to initiated via server 2 server communication. Use cases are for example user authentication in the context of a call center call. The idea is to introduce an extension to the token endpoint (TBD: new grant type or JWT bearer assertion), which is used in conjunction with the standard scope value “openid” and potentially other OIDC scope values and parameters to initiate the authentication. The authentication process is conducted out of band using the same mechanisms the ID gateway uses for the standard Mobile Connect/OpenID Connect authentication flow via browser redirect. To be considered: * callback/polling needed * RP potentially knows MSISDN or PPID and wants to enforce it (2nd factor authentication via Mobile Connect)
Comments (7)
-
reporter
-
reporter
-
assigned issue to
Gonzalo Fernández
-
assigned issue to
-
-
Propose closed with the existence of CIBA specification (Implementer's Draft version).
-
- edited description
- changed component to CIBA
-
Closed. See MODRNA WG meeting (Sep. 6, 2017) notes.
-
- changed status to resolved
This issue has been agreed to be closed because there is already a spec. CIBA.
- Log in to comment
Gonzalo volunteered to lead the topic. Florian agreed to work on the topic as well.
Goal: draft by end of July