SP supporting CIBA with two IDPs: B2B/B2C

camaraproject / IdentityAndConsentManagement

Repository to describe, develop, document and test the Identity And Consent Management for CAMARA APIs

Apache License 2.0

18 stars 30 forks source link

SP supporting CIBA with two IDPs: B2B/B2C #141

Open questsin opened 3 months ago

questsin commented 3 months ago

Implementing a GSMA Opengateway Authserver: How would OpenID Connect flow Client-initiated Backchannel Authentication work for a Service Provider using two IDPs, one for B2B and one for B2C? B2B would Authenticate ISVs, and B2C would authenticate mobile subscribers.
What orchestration/needs to be done and what info needs to be exchanged between the two IDPs?
- For example, an ISV calling a GSMA CAMARA Location API. ISV's authenticate with bc_authorize with the B2B IDP and the subscriber needs to call the /authorize api of the B2C IDP

AxelNennker commented 2 months ago

Cross-post from GSMA OpenGateway: https://github.com/GSMA-Open-Gateway/Open-Gateway-Documents/issues/105

What is the difference to the flow where the ISV is the client doing private_key_jwk at THE (only one) IDP/AZ?

The client is onboarded, using maybe TM931 or dynamic client registration, and uploads there public key, gets their clientId etc. End user are authenticated at the same AZ/IdP/OP.

Please explain to the non-OpenGateway Expert what the scenario is.