v1.2.0
🚀 Features
- Added support for Client-Initiated Backchannel Authentication (CIBA) with a dedicated backchannel authentication endpoint (PR#17)
Detailed description
Added support for CIBA with a dedicated backchannel authentication endpoint
- Added support for CIBA with a dedicated endpoint compliant with the Client-Initiated Backchannel Authentication (CIBA) standard. This allows clients to initiate authentication through a secure backchannel.
- Supports Signed Authentication Requests, allowing clients to send JWS-signed requests for enhanced security. The signature makes any tampering with a request detectable and lets the server verify its integrity.
- The token endpoint now supports Poll Mode for CIBA, enabling clients to poll for tokens during the backchannel authentication process. Poll Mode is one of the standard delivery modes defined in the CIBA specification, alongside ping and push modes.
- Full support for the CIBA grant type (`urn:openid:params:grant-type:ciba`) at the token endpoint, ensuring seamless token exchange once authentication is completed.
- Enhanced OpenID Provider Metadata includes the URL of the backchannel authentication endpoint, lists supported delivery modes (poll, ping, push), and specifies the supported JWS signing algorithms for authentication requests. These metadata elements are crucial for dynamic client registration and discovery, ensuring interoperable interactions between clients and providers.
- Client Metadata defines the token delivery mode (poll, ping, push), requires the client notification endpoint for ping and push modes, and specifies the request signing algorithm for authentication requests. This provides clients with the necessary configuration details to interact effectively with the OpenID Provider.
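
The client metadata rules above can be checked at registration time against what the provider advertises. The following is an added example, not code from this project: it assumes the metadata parameter names defined in the CIBA Core specification (this release's own field names are not shown on the page), and the provider values and host names are constructed.

```python
from urllib.parse import urlparse

# Constructed sample of the CIBA-related OpenID Provider Metadata (hypothetical host).
PROVIDER = {
    "backchannel_authentication_endpoint": "https://op.example/bc-authorize",
    "backchannel_token_delivery_modes_supported": ["poll", "ping", "push"],
    "backchannel_authentication_request_signing_alg_values_supported": ["ES256", "PS256"],
}

def validate_ciba_client(client, provider=PROVIDER):
    """Return a list of problems; an empty list means the registration is acceptable."""
    errors = []
    mode = client.get("backchannel_token_delivery_mode")
    if mode not in provider["backchannel_token_delivery_modes_supported"]:
        errors.append(f"unsupported delivery mode: {mode!r}")
    endpoint = client.get("backchannel_client_notification_endpoint")
    if mode in ("ping", "push"):
        # Ping and push call back to the client, so the endpoint is mandatory.
        if not endpoint:
            errors.append(f"{mode} mode requires backchannel_client_notification_endpoint")
        else:
            url = urlparse(endpoint)
            if url.scheme != "https" or not url.hostname:
                errors.append("notification endpoint must be an absolute https URL")
    alg = client.get("backchannel_authentication_request_signing_alg")
    if alg is not None:
        # Signed CIBA requests need an asymmetric JWS algorithm: reject "none" and HS*.
        if not isinstance(alg, str) or alg == "none" or alg.startswith("HS"):
            errors.append(f"signing alg {alg!r} is not asymmetric")
        elif alg not in provider["backchannel_authentication_request_signing_alg_values_supported"]:
            errors.append(f"signing alg {alg!r} not offered by the provider")
    return errors

if __name__ == "__main__":
    # Constructed client registrations, one valid and two that must be rejected.
    samples = [
        {"backchannel_token_delivery_mode": "poll",
         "backchannel_authentication_request_signing_alg": "ES256"},
        {"backchannel_token_delivery_mode": "ping"},
        {"backchannel_token_delivery_mode": "push",
         "backchannel_client_notification_endpoint": "http://rp.example/cb",
         "backchannel_authentication_request_signing_alg": "HS256"},
    ]
    for sample in samples:
        print(sample["backchannel_token_delivery_mode"], validate_ciba_client(sample) or "ok")
```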