Ping Identity

OAuth 2.0 Step-up Authentication Challenge Protocol

Abstract

It is not uncommon for resource servers to require different authentication strengths or freshness according to the characteristics of a request. This document introduces a mechanism for a resource server to signal to a client that the authentication event associated with the access token of the current request doesn't meet its authentication requirements and specify how to meet them. This document also codifies a mechanism for a client to request that an authorization server achieve a specific authentication strength or freshness when processing an authorization request.

This note is to be removed before publishing as an RFC.

Discussion of this document takes place on the Web Authorization Protocol Working Group mailing list, which is archived at.

In simple API authorization scenarios, an authorization server will determine what authentication technique to use to handle a given request on the basis of aspects such as the scopes requested, the resource, the identity of the client and other characteristics known at provisioning time.

Although the approach is viable in many situations, it falls short in several important circumstances. Consider, for instance, an eCommerce API requiring different authentication strengths depending on whether the item being purchased exceeds a certain threshold, dynamically estimated by the API itself using logic that is opaque to the authorization server.

An API might also determine that a more recent user authentication is required based on its own risk evaluation of the API request.

This document extends the error codes collection defined by with a new value, insufficient_user_authentication, which can be used by resource servers to signal to the client that the authentication event associated with the access token presented with the request doesn't meet the authentication requirements of the resource server.
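The eCommerce scenario above, sketched from both sides as an added example (not code from the document or its authors). The `acr_values` and `max_age` challenge parameters and the `acr` and `auth_time` token claims are taken from the published step-up specification rather than from this page; the threshold, the ACR value and the age limit are constructed.

```python
import re
import time

# Constructed policy values (assumptions, not from the page).
HIGH_VALUE_THRESHOLD = 500.00        # purchases above this need stronger auth
STRONG_ACR = "urn:example:acr:mfa"   # hypothetical authentication context class
MAX_AUTH_AGE = 300                   # allowed age of the authentication, seconds


def step_up_challenge(claims, amount, now=None):
    """Resource server side: return None when the token's authentication
    event is sufficient, else the WWW-Authenticate value for a 401."""
    now = int(time.time()) if now is None else now
    params = []
    if amount > HIGH_VALUE_THRESHOLD:
        if claims.get("acr") != STRONG_ACR:
            params.append(f'acr_values="{STRONG_ACR}"')
        auth_time = claims.get("auth_time")
        # A missing auth_time is treated as stale: fail closed.
        if auth_time is None or now - auth_time > MAX_AUTH_AGE:
            params.append(f'max_age="{MAX_AUTH_AGE}"')
    if not params:
        return None
    return ('Bearer error="insufficient_user_authentication", '
            'error_description="Stronger or more recent authentication required", '
            + ", ".join(params))


def authorization_params(challenge):
    """Client side: copy the requirements from the challenge into the
    parameters of a new authorization request."""
    fields = dict(re.findall(r'(\w+)="([^"]*)"', challenge))
    if fields.get("error") != "insufficient_user_authentication":
        return {}
    return {k: fields[k] for k in ("acr_values", "max_age") if k in fields}


if __name__ == "__main__":
    # Constructed token claims: password login performed one hour ago.
    weak = {"acr": "urn:example:acr:pwd", "auth_time": int(time.time()) - 3600}
    challenge = step_up_challenge(weak, amount=900.00)
    print("401 WWW-Authenticate:", challenge)
    print("retry authorization request with:", authorization_params(challenge))
```

The resource server only states what it needs; the client carries those requirements to the authorization server and retries the API call with the new access token.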