Configure the CIBA Feedback Mode

Using client dynamic registration, the CIBA mode can be configured with the backchannel_token_delivery_mode parameter set to poll or push.

Copy

Sample request to set the mode to poll

POST https://[base-server-url]/{tenant}/authn/register HTTP/1.1
Content-Type: application/json
Authorization: Bearer RTp7HwAAAXk7gR65Mff4M1Gigl6DxnmC1vCOEMya
 
  {
    "redirect_uris":
     ["https://client.example.org/callback"],
    "client_name": "openid client 12",
    "client_id": "client12",
    "hid_client_group": "USG_SYS",
    "backchannel_token_delivery_mode":"poll"
  }

Copy

Sample request to set the mode to push

POST https://[base-server-url]/{tenant}/authn/register HTTP/1.1
Content-Type: application/json
Authorization: Bearer RTp7HwAAAXk7gR65Mff4M1Gigl6DxnmC1vCOEMya
 
  {
    "redirect_uris":
     ["https://client.example.org/callback"],
    "client_name": "openid client 12",
    "client_id": "client12",
    "hid_client_group": "USG_SYS",
    "backchannel_token_delivery_mode":"push"
  }

Only if the CIBA mode is push, define the CIBA callback URL in the ATR_CIBACB user attribute for the OpenID client that will send the CIBA request:

Copy

Sample request to update the OpenID client with the attribute and URL

POST https://[base-server-url]/scim/tenant/v2/Users/11053 HTTP/1.1
Authorization: Bearer YOUR_BEARER_TOKEN
Content-Type: "application/scim+json"
{
    "schemas":[
        "urn:ietf:params:scim:schemas:core:2.0:User",
        "urn:hid:scim:api:idp:2.0:Attribute",
    ],
    "externalId":"655817402088574941876708488070484658763453311419",
    "roles":[
        { "value":"RL_OPENIDCLIENT" }
    ],
    "groups":[
        { "value":"UG_CLIENTID" }
    ],
    "urn:hid:scim:api:idp:2.0:UserAttribute": {
        "attributes": [
            {
                "name": "ATR_CIBACB",
                "type": "string",
                "value": "https://client.example.org/CB/getApprovalStatus"
            },
        ]
    }
}