• Type: Technical task
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:


      We need to ensure that dynamic client registration works with these new settings:

      Clients registering to use CIBA MUST indicate a token delivery mode. When using the ping or poll mode, the Client MUST include the CIBA grant type in the "grant_types" field. When using the ping or push mode, the Client MUST register a client notification endpoint. Clients intending to send signed authentication requests MUST register the signature algorithm that will be used. The following parameters are introduced by this specification:

      • backchannel_token_delivery_mode: REQUIRED. One of the following values: poll, ping or push.
      • backchannel_client_notification_endpoint: REQUIRED if the token delivery mode is set to ping or push. This is the endpoint to which the OP will post a notification after a successful or failed end-user authentication. It MUST be an HTTPS URL.
      • backchannel_authentication_request_signing_alg: OPTIONAL. The JWS algorithm alg value that the Client will use for signing authentication request, as described in Section 7.1.1. When omitted, the Client will not send signed authentication requests.
      • backchannel_user_code_parameter: OPTIONAL. Boolean value specifying whether the Client supports the user_code parameter. If omitted, the default value is false. This parameter only applies when OP parameter backchannel_user_code_parameter_supported is true.

      The token_endpoint_auth_method indicates the registered authentication method for the client to use when making direct requests to the OP, including requests to both the token endpoint and the backchannel authentication endpoint.




            • Assignee:
              peter.major Peter Major [X] (Inactive)
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: