Overview
OpenID Connect Client Initiated Backchannel Authentication Flow (CIBA) is a specification written by the MODRNA Working Group of the OpenID Foundation. It defines a new OAuth 2.0 Grant Type where user consent can be requested through an Out of Band Request flow.
The public review period for the OpenID Connect Client Initiated Backchannel Authentication Flow specification started on Dec. 14, 2018, and the specification was approved on Feb. 4, 2019.
In CIBA flows, the Authorization Server delegates the tasks of End-User authentication and consent confirmation to an authentication device of the End-User. A smartphone is a typical example of an authentication device. This process is performed in the background after a response is returned from the backchannel authentication endpoint to the OAuth Client application.
CIBA flows allow the OAuth Client application to be outside the control of the End-User and physically separated from the authentication device. For example, CIBA can support a use case where an OAuth Client application is running on a computer in front of an operator working in a call center in Okinawa, while End-User authentication and consent confirmation are performed on a smartphone in the hand of the End-User who has called the call center from Tokyo.
To complete the authorization under OpenID Connect Client Initiated Backchannel Authentication Flow, the user can receive a push notification sent to the financial institution’s native mobile app running on the user’s phone, allowing the customer to avoid confusing redirection via web browsers.
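The background exchange described above, in CIBA poll mode, as an added example that is not code from the specification or from any implementation. `ToyAuthServer`, `device_decision`, `poll_for_tokens` and the `on_tick` hook are hypothetical names and the server is an in-memory stand-in; the `auth_req_id`, `expires_in` and `interval` fields, the grant type URN and the error codes are the ones the CIBA specification defines.

```python
import secrets

GRANT = "urn:openid:params:grant-type:ciba"  # grant type defined by CIBA

class ToyAuthServer:
    """In-memory stand-in for an Authorization Server (hypothetical, no network)."""
    def __init__(self):
        self.pending = {}  # auth_req_id -> state of the out-of-band request

    def backchannel_authentication(self, login_hint, scope, binding_message):
        # Returns at once; the End-User has not been asked anything yet.
        auth_req_id = secrets.token_urlsafe(16)
        self.pending[auth_req_id] = {"user": login_hint, "scope": scope,
                                     "shown_on_device": binding_message,
                                     "decision": None}
        return {"auth_req_id": auth_req_id, "expires_in": 120, "interval": 5}

    def device_decision(self, auth_req_id, approve):
        # Called when the End-User answers on the authentication device.
        self.pending[auth_req_id]["decision"] = approve

    def token(self, grant_type, auth_req_id):
        if grant_type != GRANT:
            return {"error": "unsupported_grant_type"}
        req = self.pending.get(auth_req_id)
        if req is None:
            return {"error": "invalid_grant"}
        if req["decision"] is None:
            return {"error": "authorization_pending"}
        del self.pending[auth_req_id]  # toy: each auth_req_id is redeemed once
        if not req["decision"]:
            return {"error": "access_denied"}
        return {"access_token": secrets.token_urlsafe(16), "scope": req["scope"]}

def poll_for_tokens(server, ack, wait, on_tick=lambda n: None):
    """Client side: poll no faster than `interval`, give up at `expires_in`."""
    elapsed, attempt = 0, 0
    while elapsed < ack["expires_in"]:
        wait(ack["interval"])          # pass time.sleep in a real client
        elapsed += ack["interval"]
        attempt += 1
        on_tick(attempt)               # test hook: lets the "device" answer
        reply = server.token(GRANT, ack["auth_req_id"])
        if reply.get("error") != "authorization_pending":
            return reply               # tokens, or a terminal error
    return {"error": "expired_token"}
```

The `binding_message` is what lets the caller in Tokyo confirm that the prompt on the phone belongs to the operator's request in Okinawa, so a client should set it to something both parties can read out and compare.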