Expand description
OpenID Connect Client-Initiated Backchannel Authentication (CIBA).
Implements the CIBA flow where a consumption device (e.g. a POS terminal or call-center application) authenticates the user on a separate authentication device (e.g. the user’s phone) without a browser redirect.
§Modes
- Poll — the client repeatedly polls the token endpoint.
- Ping — the OP sends a notification to the client’s callback URI, then the client fetches the token.
- Push — the OP pushes the token directly to the client’s callback URI.
§References
- OpenID Connect CIBA Core 1.0
- RFC 9449 — DPoP (optional token binding)
Structs§
- Ciba
Auth Request - A backchannel authentication request sent by the consumption device.
- Ciba
Auth Response - Successful response to a backchannel authentication request.
- Ciba
Config - Configuration for a CIBA provider.
- Ciba
Provider - In-memory CIBA provider implementing Auth Request → Token lifecycle.
- Ciba
Token Response - Token response after successful authentication.
Enums§
- Ciba
Error - Error response per CIBA spec.
- Ciba
Mode - CIBA token delivery mode.
- Ciba
Request Status - Pending request state.
- Login
Hint - Hint identifying the end-user to authenticate.