Closed pasanh closed 2 years ago
The spec looks like more or less #1553 which is much more popular and more useful imo, except for the call center use case.
We don't have this in the pipeline and typically don't add early drafts to the project, as those tend to get deprecated, changed, or otherwise neglected depending on who is backing them and why.
It's actually not the same as Device flow, CIBA is something like "user clicks auth button on a site via desktop browser, then a push is sent to mobile app with request of auth, user confirms and the browser on a desktop proceeds to authenticated area/performs requested action on behalf of user"
Nice to have feature to implement action authorization or step-up authentication in banking apps
I am marking this issue as stale as it has not received any engagement from the community or maintainers in over half a year. That does not imply that the issue has no merit! If you feel strongly about this issue
We are cleaning up issues every now and then, primarily to keep the 4000+ issues in our backlog in check and to prevent maintainer burnout. Burnout in open source maintainership is a widespread and serious issue. It can lead to severe personal and health issues as well as enabling catastrophic attack vectors.
Thank you for your understanding and to anyone who participated in the issue! 🙏✌️
If you feel strongly about this issues and have ideas on resolving it, please comment. Otherwise it will be closed in 30 days!
Hey guys. Is support for OpenID Connect Client Initiated Backchannel Authentication Flow (https://openid.net/specs/openid-client-initiated-backchannel-authentication-core-1_0.html) in the current feature pipeline? If so, when do you think it will be ready? Thank you.