Use this endpoint to initiate backchannel authentication

post https://{pointofcontact}/oauth2/ciba

Backchannel Authentication Endpoint is used to initiate an out-of-band
authentication of the end-user.

time	status	user agent
Retrieving recent requests…

Loading…

Form Data

request

string

Request object, signed and/or encrypted JWT.
When used, it may contain all the properties below. Besides parameters
used by client authentication, all the other parameters should be inside
the request object.

scope

string

required

Space-delimited string indicating the OAuth 2.0 scope to be associated with the
access request.

client_notification_token

string

A bearer token provided by the Client that will be used by the OIDC Provider to
authenticate the callback request to the Client. This is required when "ping"
token delivery mode is used.

acr_values

string

A space-separated string that specifies the requested Authentication Context
Class Reference values, with the values appearing in order of preference.

login_hint_token

string

An ID Token (JWT) previously issued to the Client by the OIDC Provider being passed
back as a hint to identify the end-user for whom authentication is being requested.
One of 'login_hint_token', 'id_token_hint' or 'login_hint' MUST be specified.

id_token_hint

string

A JWT token containing information identifying the end-user for
whom authentication is being requested.
One of 'login_hint_token', 'id_token_hint' or 'login_hint' MUST be specified.

login_hint

string

A hint to the OIDC Provider regarding the end-user for whom authentication
is being requested. The value may contain an email address, phone number,
account number, subject identifier, username, etc.
One of 'login_hint_token', 'id_token_hint' or 'login_hint' MUST be specified.

binding_message

string

A human-readable identifier or message intended to be displayed on both the
consumption device and the authentication device to interlock them together
for the transaction by way of a visual cue for the end-user.

user_code

string

A secret code, such as a password or pin, that is known only to the user but
verifiable by the OIDC Provider.

requested_expiry

number

Integer value allowing the client to request the expires_in value for
the auth_req_id the server will return.

client_id

string

OAuth2.0 client identifier. Required when the client authentication method is using
"client_secret_post" or "tls_client_auth". It is optional when using "private_key_jwt"
client authentication; when specified it MUST match the "client_assertion" subject.

client_secret

string

OAuth2.0 client secret. May be specified when using "client_secret_post" client
authentication method.

client_assertion

string

The "private_key_jwt" assertion being used to authenticate the client.

client_assertion_type

string

Type of the client assertion.

Headers

x-client-certificate

string

MTLS Client Certificate

Responses

200backchannel authentication response

400OAuth JSON error response