Configuring CIBA Feedback Mode

The HID Authentication Service push-based authentication solution supports the Client Initiated Backchannel Authentication (CIBA) method for client applications to receive feedback regarding the end user’s actions.

Based on the OpenID Connect CIBA Core specifications - section 5, you can use one of the following CIBA modes:

• Push (default) - HID Authentication Service posts the full authentication result to the client
• Poll - the client retrieves the authentication result by polling the HID Authentication Service token endpoint using the authentication request ID as the new grant type

During client registration, the CIBA feedback mode can be configured by setting the backchannel_token_delivery_mode parameter to poll or push.

The client sends a CIBA request using the bcauthorize endpoint when the user initiates an operation on their device.

Using the authentication request ID, HID Authentication Service sends the feedback via the CIBA callback URL defined for your OpenID client.

You can also use the token endpoint to delete (ciba_delete) a pending push request.

Topics in this section: