App2App Login with Authentication Workflows

PSD2 and the Financial-grade API (FAPI) from the OpenID Foundation have helped popularize mobile app authenticator flows. Common patterns and specifications like App2App authorization and Client-initiated Back Channel Authentication (CIBA) have emerged from the increased demand. The shortcoming with these is that they do not specify how the actual authentication will occur. As a result, implementations often create tightly coupled solutions between a particular client app and the authenticator app. This scenario leads to an ineffective solution that is harder to change over time, and it is more challenging to create rich authentication workflows. Instead, the authentication server on the back end needs to drive the authentication. This should be exposed via a hypermedia API that allows the clients to render native screens, collect input from the users, and authenticate using the mechanism and flows defined by the server.

In this webinar we will:

• Explain how you can use a hypermedia API to drive clients to log in users using any technique stipulated by the OpenID Connect Provider or OAuth Authorization Server;
• Discuss why hypermedia is the ideal architectural pattern for creating such an API;
• Show how you can use hypermedia in a way that conforms to FAPI and local regulations like PSD2 and GDPR to fulfill not only App2App login but other pertinent login scenarios;
• Touch on the security issues raised by such an API; and
• Recommend resources where you can learn more about the API and these workflows.

Presented by:

Daniel Lindau

Identity Specialist & Solution Architect