Update CIBA implementation for spec draft 2 (OPENAM-15007)

[OPENAM-15010] Update client metadata

Created: 10/May/19
Updated: 30/May/19

Status: Open
Project: OpenAM
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Technical task
Priority: Major
Reporter: Peter Major [X] (Inactive)
Assignee: Unassigned
Resolution: Unresolved
Votes: 0
Labels: NEWTON
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Rank: 1|hzy8a7:


We need to ensure that dynamic client registration works with these new settings:

Clients registering to use CIBA MUST indicate a token delivery mode. When using the ping or poll mode, the Client MUST include the CIBA grant type in the "grant_types" field. When using the ping or push mode, the Client MUST register a client notification endpoint. Clients intending to send signed authentication requests MUST register the signature algorithm that will be used. The following parameters are introduced by this specification:

  • backchannel_token_delivery_mode: REQUIRED. One of the following values: poll, ping or push.
  • backchannel_client_notification_endpoint: REQUIRED if the token delivery mode is set to ping or push. This is the endpoint to which the OP will post a notification after a successful or failed end-user authentication. It MUST be an HTTPS URL.
  • backchannel_authentication_request_signing_alg: OPTIONAL. The JWS algorithm alg value that the Client will use for signing authentication request, as described in Section 7.1.1. When omitted, the Client will not send signed authentication requests.
  • backchannel_user_code_parameter: OPTIONAL. Boolean value specifying whether the Client supports the user_code parameter. If omitted, the default value is false. This parameter only applies when OP parameter backchannel_user_code_parameter_supported is true.

The token_endpoint_auth_method indicates the registered authentication method for the client to use when making direct requests to the OP, including requests to both the token endpoint and the backchannel authentication endpoint.
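
The registration rules quoted above can be checked at the dynamic registration endpoint along these lines. This is an added Python example, not OpenAM code: the function names, the sample requests and the grant type URN (taken from the CIBA specification, not from this ticket) are assumptions.

```python
from urllib.parse import urlsplit

# Assumption: URN taken from the CIBA specification; the ticket only says
# "the CIBA grant type" without spelling it out.
CIBA_GRANT_TYPE = "urn:openid:params:grant-type:ciba"
DELIVERY_MODES = ("poll", "ping", "push")


def is_https_url(value):
    """True only for an absolute https:// URL that names a host."""
    if not isinstance(value, str):
        return False
    try:
        parts = urlsplit(value)
        return parts.scheme == "https" and bool(parts.hostname)
    except ValueError:  # e.g. malformed IPv6 literal
        return False


def validate_ciba_registration(metadata):
    """Return a list of violated rules (an empty list means acceptable)."""
    errors = []
    mode = metadata.get("backchannel_token_delivery_mode")
    if mode not in DELIVERY_MODES:
        errors.append("backchannel_token_delivery_mode: must be poll, ping or push")
    grants = metadata.get("grant_types")
    if mode in ("ping", "poll") and not (isinstance(grants, list) and CIBA_GRANT_TYPE in grants):
        errors.append("grant_types: must include the CIBA grant type for ping/poll")
    if mode in ("ping", "push") and not is_https_url(
            metadata.get("backchannel_client_notification_endpoint")):
        errors.append("backchannel_client_notification_endpoint: HTTPS URL required for ping/push")
    alg = metadata.get("backchannel_authentication_request_signing_alg")
    if alg is not None and not (isinstance(alg, str) and alg):
        errors.append("backchannel_authentication_request_signing_alg: must be a JWS alg string")
    # Omitted means false; a JSON string such as "true" is not a boolean.
    if not isinstance(metadata.get("backchannel_user_code_parameter", False), bool):
        errors.append("backchannel_user_code_parameter: must be a boolean")
    return errors


# Constructed sample registration requests (not from the ticket).
POLL_OK = {"backchannel_token_delivery_mode": "poll", "grant_types": [CIBA_GRANT_TYPE]}
PING_BAD = {"backchannel_token_delivery_mode": "ping", "grant_types": ["authorization_code"],
            "backchannel_client_notification_endpoint": "http://client.example/cb",
            "backchannel_user_code_parameter": "true"}

if __name__ == "__main__":
    for name, req in (("POLL_OK", POLL_OK), ("PING_BAD", PING_BAD)):
        print(name, validate_ciba_registration(req) or "accepted")
```

A push-mode client passes without the CIBA grant type, since the quoted text requires that grant type only for ping and poll.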
