...

More information can be found in the following blog post

Integration

For CIBA integration, the OpenID Provider (Audkenni) and the Client (Relying Party in the OpenID Connect flow) first need to exchange their endpoints, signing data and credentials with each other.

...


3. Setup

In some cases, the Client is also an OpenID provider that receives requests from other Clients and relies on Audkenni for the actual signing. This scenario is shown in the picture below.

...

All information needed to let the user sign the message should be in the request JWT, as can be seen below:

Code Block
{
    "claims":
    {
      "login_hint": "8422263",
      "scope": "openid profile signature RELATEDPARTY:clientname",
      "acr_values": "msspsim-sign",
      "iss": "clientid",
      "aud": "https://idp.audkenni.is/oauth2/realms/root/realms/audkenni",
      "exp": 238932499002,
      "binding_message": "binding display message",
      "binding_content": "binding content"
    },
    "key": "{{private_key}}",
    "alg": "RS256"
}

...

login_hint

When the SIM solution is used to sign the message, this MUST contain the mobile number of the user.

scope

In a proxy scenario, this should contain the name of the initial requesting party.

acr_values

This determines the method that is going to be used to sign the message. Valid values are sim_sign and nexus_sign.

binding_message

This is the message that the user will see when receiving the sign request.

binding_content

This is the actual content that will be signed.
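
The following is an added example, not Audkenni's or the original page's code: it signs the request claims described above as an RS256 JWT and shows the checks a receiver applies, so that a change to binding_content after signing is rejected. The function names, the throwaway key pair and the two-minute expiry are assumptions made for the illustration.

```javascript
const crypto = require('node:crypto');

const b64url = (input) => Buffer.from(input).toString('base64url');
const decode = (part) => JSON.parse(Buffer.from(part, 'base64url').toString());

// Sign the claims as a compact JWS (header.payload.signature) using RS256.
function signRequest(claims, privateKey) {
  const input = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${crypto.sign('sha256', Buffer.from(input), privateKey).toString('base64url')}`;
}

// Receiver-side checks: pinned alg, signature, audience, expiry. Returns claims or throws.
function verifyRequest(jwt, publicKey, expectedAud, nowSeconds) {
  const parts = jwt.split('.');
  if (parts.length !== 3) throw new Error('malformed JWT');
  const [header, payload, signature] = parts;
  if (decode(header).alg !== 'RS256') throw new Error('unexpected alg');
  const ok = crypto.verify('sha256', Buffer.from(`${header}.${payload}`), publicKey,
    Buffer.from(signature, 'base64url'));
  if (!ok) throw new Error('bad signature');
  const claims = decode(payload);
  if (claims.aud !== expectedAud) throw new Error('wrong audience');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) throw new Error('expired');
  return claims;
}

// Replace claims in the payload while keeping the original signature (constructed tamper case).
function tamper(jwt, changes) {
  const [h, p, s] = jwt.split('.');
  return `${h}.${b64url(JSON.stringify({ ...decode(p), ...changes }))}.${s}`;
}

// Constructed sample: throwaway key pair and a request that expires in two minutes.
const AUD = 'https://idp.audkenni.is/oauth2/realms/root/realms/audkenni';
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const now = Math.floor(Date.now() / 1000);
const sampleJwt = signRequest({
  login_hint: '8422263',
  scope: 'openid profile signature',
  acr_values: 'sim_sign',
  iss: 'clientid',
  aud: AUD,
  exp: now + 120, // seconds since the epoch (JWT NumericDate)
  binding_message: 'binding display message',
  binding_content: 'binding content',
}, privateKey);

console.log(verifyRequest(sampleJwt, publicKey, AUD, now).binding_content);
```

In a real integration the private key stays with the Client and only the signed JWT is sent; the key pair here is generated in-process purely so the example runs offline.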