I hope this is an appropriate channel to ask about auth flows.
As per the title - will OTPValidation be secured by a two-legged auth flow?
I understand that the API spec currently states "two_legged" but my understanding is that CAMARA APIs will use three legged when user data is involved. I also understand from peripheral discussions that OTPValidation may remain as two legged as it has specific use cases.
I am asking in context of routing requests to target operators in a federated/aggregated model. The routing discussion is possibly out of scope of CAMARA - but you are probably aware of discussions in related forums whereby the user identifier in a three-legged auth flow can be used to facilitate routing to target operators. Client Credentials does not contain user data, and this OTPValidation use case likely needs to be taken into account in the relevant platform for routing discussions.
Hello OTP team 👋
I hope this is an appropriate channel to ask about auth flows.
As per the title - will OTPValidation be secured by a two-legged auth flow?
I understand that the API spec currently states "two_legged" but my understanding is that CAMARA APIs will use three legged when user data is involved. I also understand from peripheral discussions that OTPValidation may remain as two legged as it has specific use cases.
I am asking in context of routing requests to target operators in a federated/aggregated model. The routing discussion is possibly out of scope of CAMARA - but you are probably aware of discussions in related forums whereby the user identifier in a three-legged auth flow can be used to facilitate routing to target operators. Client Credentials does not contain user data, and this OTPValidation use case likely needs to be taken into account in the relevant platform for routing discussions.
Thanks!