Description
Imported from AB/Connect bitbucket: https://bitbucket.org/openid/connect/issues/1401
Original Reporter: tlodderstedt
The current cross device flow works fine, however it forces the RP to make assumptions about the SIOP/wallet the user might choose to process the SIOP request.
I propose to investigate an advanced flow that involves an advertisement/discovery step and allows RP and SIOP to better adjust the flow to each other's capabilities.
The RP could render a QR code that gives rise to its capabilities and endpoints. The user then scans that QR code with the wallet of her choice.
The wallet uses the QR code data and sends a request to the RP containing its capabilities and endpoints/identifiers in a direct HTTPS POST request.
In the HTTPS POST response, the RP directly responds with the authentication request data (tailored for the particular SIOP).
As already noted, this flow would allow the RP and the SIOP to tailor the requests to each other's capabilities. Also, the QR code could potentially be static and concise.
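The discovery exchange proposed above, as an added example that is not part of the original issue: a Python sketch of the wallet's check of the scanned QR data and the RP's capability intersection when tailoring the authentication request. The field names, endpoint URLs and capability lists are constructed assumptions for illustration, not identifiers taken from the SIOP specification.

```python
import secrets
from urllib.parse import urlparse

# Constructed RP QR payload. The RP advertises its discovery endpoint and the
# request features it can produce; it carries no per-session state, which is
# what lets the QR code be static. Field names are assumptions for this example.
RP_QR_PAYLOAD = {
    "client_id": "https://rp.example",
    "discovery_endpoint": "https://rp.example/siop/discover",
    "redirect_uri": "https://rp.example/siop/callback",
    "response_modes_supported": ["post", "fragment"],
    "id_token_signing_alg_values_supported": ["ES256", "RS256"],
}

# Constructed capabilities the wallet would send in its HTTPS POST to the RP.
WALLET_CAPABILITIES = {
    "response_modes_supported": ["post"],
    "id_token_signing_alg_values_supported": ["ES256"],
}


def wallet_check_qr(qr: dict) -> str:
    """Wallet side: validate the scanned QR data before contacting the RP.
    Returns the discovery endpoint to POST the wallet's capabilities to."""
    endpoint = urlparse(qr["discovery_endpoint"])
    if endpoint.scheme != "https":
        raise ValueError("discovery endpoint must use HTTPS")
    # Refuse a QR code whose client_id or redirect_uri points somewhere else.
    for key in ("client_id", "redirect_uri"):
        if urlparse(qr[key]).netloc != endpoint.netloc:
            raise ValueError(f"{key} host does not match discovery endpoint")
    return qr["discovery_endpoint"]


def rp_tailor_request(qr: dict, wallet: dict, nonce: str = "") -> dict:
    """RP side: intersect the advertised capabilities and build the
    authentication request for this wallet. Refuse rather than guess when
    nothing is common; pin the expected signing alg for later verification."""
    modes = [m for m in qr["response_modes_supported"]
             if m in wallet["response_modes_supported"]]
    algs = [a for a in qr["id_token_signing_alg_values_supported"]
            if a in wallet["id_token_signing_alg_values_supported"]]
    if not modes or not algs:
        raise ValueError("no response_mode or signing alg common to RP and wallet")
    request = {
        "response_type": "id_token",
        "scope": "openid",
        "client_id": qr["client_id"],
        "redirect_uri": qr["redirect_uri"],
        "response_mode": modes[0],
        "nonce": nonce or secrets.token_urlsafe(16),
    }
    return {"request": request, "expected_alg": algs[0]}
```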