The Backchannel Authentication Endpoint is used to initiate an out-of-band
authentication of the end-user.

Form Data
string

Request object: a signed and/or encrypted JWT.
When used, it may contain all the properties below. Apart from the parameters
used for client authentication, all other parameters should be inside
the request object.

string
required

Space-delimited string indicating the OAuth 2.0 scope to be associated with the
access request.

string

A bearer token provided by the Client that will be used by the OIDC Provider to
authenticate the callback request to the Client. This is required when "ping"
token delivery mode is used.

string

A space-separated string that specifies the requested Authentication Context
Class Reference values, with the values appearing in order of preference.

string

An ID Token (JWT) previously issued to the Client by the OIDC Provider being passed
back as a hint to identify the end-user for whom authentication is being requested.
One of 'login_hint_token', 'id_token_hint' or 'login_hint' MUST be specified.

string

A JWT containing information identifying the end-user for
whom authentication is being requested.
One of 'login_hint_token', 'id_token_hint' or 'login_hint' MUST be specified.

string

A hint to the OIDC Provider regarding the end-user for whom authentication
is being requested. The value may contain an email address, phone number,
account number, subject identifier, username, etc.
One of 'login_hint_token', 'id_token_hint' or 'login_hint' MUST be specified.

string

A human-readable identifier or message intended to be displayed on both the
consumption device and the authentication device to interlock them together
for the transaction by way of a visual cue for the end-user.

string

A secret code, such as a password or PIN, that is known only to the user but
verifiable by the OIDC Provider.

number

Integer value allowing the client to request the expires_in value for
the auth_req_id the server will return.

string

OAuth 2.0 client identifier. Required when the client authentication method is
"client_secret_post" or "tls_client_auth". It is optional when using "private_key_jwt"
client authentication; when specified it MUST match the "client_assertion" subject.

string

OAuth 2.0 client secret. May be specified when using the "client_secret_post" client
authentication method.

string

The "private_key_jwt" assertion being used to authenticate the client.

string

Type of the client assertion.
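A client-side pre-flight check for the constraints described above, as an added example that is not part of this provider's documentation or code. Parameter names not shown on this page (scope, client_notification_token, client_id) and the "poll" mode value are taken from OpenID Connect CIBA Core 1.0 and are assumptions here; the hint rule is treated as "exactly one", and the helper names are hypothetical.

```python
import base64
import json
from urllib.parse import urlencode

HINTS = ("login_hint_token", "id_token_hint", "login_hint")

def _jwt_claims(jwt):
    """Decode a JWT payload WITHOUT verifying it (local pre-flight check only)."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_request(params, auth_method, delivery_mode):
    """Return a list of problems; an empty list means the documented rules hold."""
    problems = []
    if not params.get("scope", "").strip():
        problems.append("scope is required")
    hints = [h for h in HINTS if params.get(h)]
    if len(hints) != 1:
        problems.append(f"exactly one hint expected, got {len(hints)}")
    if delivery_mode == "ping" and not params.get("client_notification_token"):
        problems.append("client_notification_token is required in ping mode")
    client_id = params.get("client_id")
    if auth_method in ("client_secret_post", "tls_client_auth") and not client_id:
        problems.append(f"client_id is required for {auth_method}")
    if auth_method == "private_key_jwt":
        assertion = params.get("client_assertion")
        if not assertion:
            problems.append("client_assertion is required for private_key_jwt")
        elif client_id and _jwt_claims(assertion).get("sub") != client_id:
            problems.append("client_id does not match client_assertion subject")
    return problems

def build_body(params, auth_method, delivery_mode):
    """Form-encode the request, refusing to build one that breaks a rule."""
    problems = check_request(params, auth_method, delivery_mode)
    if problems:
        raise ValueError("; ".join(problems))
    return urlencode(params)

def _b64(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample assertion with a placeholder signature (not a real token).
SAMPLE_ASSERTION = f"{_b64({'alg': 'RS256'})}.{_b64({'sub': 'client-a'})}.sig"
```

The subject comparison only catches client mistakes before the request is sent; the OIDC Provider still verifies the assertion's signature itself.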

Headers
string

MTLS Client Certificate

Responses
