OpenID Connect Client Initiated Backchannel Authentication Flow

Overview

OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA) is a specification written by the MODRNA Working Group of the OpenID Foundation that defines a new OAuth 2.0 Grant Type where user consent can be requested through an Out of Band Request flow.

The public review period for the OpenID Connect Client Initiated Backchannel Authentication Flow specification started on Dec. 14, 2018, and it was approved on Feb. 4, 2019.

In CIBA flows, the Authorization Server delegates the tasks of End-User authentication and consent confirmation to an authentication device of the End-User. A smartphone is a typical example of an authentication device. This process is performed in the background after a response is returned from the backchannel authentication endpoint to the OAuth Client application.

OpenID Connect Client Initiated Backchannel Authentication Flow allows for an OAuth Client application that is not under the control of the End-User and that can be physically separated from the authentication device. For example, CIBA can support a use case where an OAuth Client application is running on a computer in front of an operator working in a call center in Okinawa, while End-User authentication and consent confirmation are performed on a smartphone in the hand of the End-User who has called the call center from Tokyo.

With OpenID Connect Client Initiated Backchannel Authentication Flow, to complete the authorization the user can receive a push Notification sent to the financial institution’s native mobile app running on the user’s phone, allowing the customer to avoid confusing Redirection via web browsers.
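The client side of the flow described above, in the specification's poll mode, as an added example that is not part of the original page. Parameter, grant type and error names are those of the CIBA Core specification; `FakeAuthorizationServer`, its scripted replies and the sample hint and binding message values are constructed stand-ins so the logic runs without a network.

```python
GRANT_TYPE = "urn:openid:params:grant-type:ciba"

class FakeAuthorizationServer:
    """Constructed stand-in that replays token-endpoint replies in order."""
    def __init__(self, scripted_replies, expires_in=120, interval=5):
        self.replies = list(scripted_replies)
        self.ack = {"auth_req_id": "constructed-auth-req-id",
                    "expires_in": expires_in, "interval": interval}
        self.token_requests = []

    def backchannel_authentication(self, form):
        # A real server would now reach the user's authentication device
        # out of band; the client only receives this acknowledgement.
        return dict(self.ack)

    def token(self, form):
        self.token_requests.append(form)
        return self.replies.pop(0)

def poll_for_tokens(server, login_hint, binding_message, sleep=lambda s: None):
    """Return (token_response, waits); client authentication is omitted here.

    Raises PermissionError on a terminal error such as access_denied and
    TimeoutError once the auth_req_id lifetime has been used up.
    """
    ack = server.backchannel_authentication({
        "scope": "openid",
        "login_hint": login_hint,
        # Shown on both devices so the user can match the two sessions.
        "binding_message": binding_message,
    })
    interval = ack.get("interval", 5)      # 5 seconds when the server omits it
    remaining = ack["expires_in"]
    waits = []
    while remaining > 0:
        sleep(interval)
        waits.append(interval)
        remaining -= interval
        reply = server.token({"grant_type": GRANT_TYPE,
                              "auth_req_id": ack["auth_req_id"]})
        error = reply.get("error")
        if error is None:
            return reply, waits            # user authenticated and consented
        if error == "slow_down":
            interval += 5                  # back off as the server asked
        elif error != "authorization_pending":
            raise PermissionError(error)   # access_denied, expired_token, ...
    raise TimeoutError("auth_req_id expired before the user responded")
```

Pass `time.sleep` as `sleep` when polling a real token endpoint; the default no-op keeps the constructed run instantaneous.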
