The Client Initiated Backchannel Authentication (CIBA) Authorization

The Backchannel Authentication Endpoint is used to initiate an out-of-band authentication of the end-user.

This is done by sending an HTTP POST message directly from the Client to the OpenID Provider's Backchannel Authentication Endpoint, using a request defined in the following subsections.

Log in to see full request history
timestatususer agent
Retrieving recent requests…
LoadingLoading…
Form Data
string
required

The client identifier issued to the client during the registration process

string

Required if initiating authorization. The scope of the access request, must therefore contain the openid scope value.

claims
object

Required if initiating authorization. Object of the claims that client want to be shared

login_hint
object

Required if initiating authorization. A hint to the OpenID Provider regarding the end-user for whom authentication is being requested.

The value may contain an Personal number or Phone number, which identifies the end-user.

During request, LoginHint must contain only one parameter, 'personal_number' or 'msisdn'

string

Required if authenticating authorization. A secret code, such as a password, that is known only to the user but verifiable by the TBC

string

Required if authenticating authorization. An ID Token previously issued to the Client by the OpenID Provider being passed back as a hint to identify the end-user for whom authentication is being requested.

string

ui locales

Responses

Language
URL
Click Try It! to start a request and see the response here! Or choose an example:
application/json
application/problem+json