Guides

Client-Initiated Backchannel Authentication (CIBA)

Suggest Edits

Learn more about Client-Initiated Backchannel Authentication.

Prerequisites

  • Set up ISVAOP
  • Set up an application or relying party that supports client-initiated backchannel authentication flow.

Configuring ISVAOP

  • Ensure the urn:openid:params:grant-type:ciba grant type is enabled in provider.yml.

    # Copyright contributors to the IBM Security Verify Access OIDC Provider Resources project
definition:
  grant_types:
    - "urn:openid:params:grant-type:ciba"

  • Create a new static client configuration client_ciba.yml and copy the following content:

    # Copyright contributors to the IBM Security Verify Access OIDC Provider Resources project
client_id: client_ciba
client_secret: "OBF:U2FsdGVkX1989Y/UBwz1BNPbIkv0hgBTcoynJtlRt56hu3TGX+5Kdi4TJ6MLMYtO" # ahwoaor82noawasg
client_name: CIBA Client
enabled: true
grant_types:
  - urn:openid:params:grant-type:ciba
token_endpoint_auth_method: default
backchannel_token_delivery_mode: poll
backchannel_user_code_parameter: false

Updated over 1 year ago