App2App Login with Authentication Workflows

Presented by

Daniel Lindau, Identity Specialist at Curity

About this talk

PSD2 and the Financial-grade API (FAPI) from the OpenID Foundation have helped popularize mobile app authenticator flows. Common patterns and specifications like App2App authorization and Client-initiated Back Channel Authentication (CIBA) have emerged from the increased demand. The shortcoming with these is that they do not specify how the actual authentication will occur. As a result, implementations often create tightly coupled solutions between a particular client app and the authenticator app. This scenario leads to an ineffective solution that is harder to change over time, and it is more challenging to create rich authentication workflows. Instead, the authentication server on the back end needs to drive the authentication. This should be exposed via a hypermedia API that allows the clients to render native screens, collect input from the users, and authenticate using the mechanism and flows defined by the server.

In this webinar we will:

- Explain how you can use a hypermedia API to drive clients to log in users using any technique stipulated by the OpenID Connect Provider or OAuth Authorization Server;
- Discuss why hypermedia is the ideal architectural pattern for creating such an API;
- Show how you can use hypermedia in a way that conforms to FAPI and local regulations like PSD2 and GDPR to fulfill not only App2App login but other pertinent login scenarios;
- Touch on the security issues raised by such an API; and
- Recommend resources where you can learn more about the API and these workflows.
Curity is a leading provider of IAM and API security technology that enables user authentication and authorization for a wide range of digital services. The Curity Identity Server is highly scalable, and handles the complexities of the leading identity standards, making them easier to use, customize and deploy. Today, the Curity Identity Server is the most complete OAuth and OpenID Connect server, and we enjoy the trust of large organizations in most industries, including financial services, telecom, retail, gaming, energy, and government services across many countries.