First Look: Client-Initiated Backchannel Authentication Flow

The Client-Initiated Backchannel Authentication (CIBA) Flow is a back-channel authentication flow defined by the OpenID Foundation that complements the OpenID Connect front-channel authorization flow. It enables developers to build asynchronous authorization flows.

About this course

Client-Initiated Backchannel Authentication (CIBA) with Auth0 lets users authenticate on a device separate from the one that receives the tokens. Unlike traditional OAuth 2.0 flows, it does not require user-agent redirects.

The CIBA flow involves the client application initiating a backchannel authentication request, Auth0 sending a notification to the user's authentication device, and the client polling Auth0's /oauth/token endpoint for the authentication status. Upon successful authentication, tokens are returned to the client. CIBA is useful for smart devices, MFA, transactional approvals, and call centers where decoupled authentication is beneficial.
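
The polling step described above, sketched as an added example that is not part of the course material or Auth0's own code. `post_token` and `simulate` are hypothetical names, the token-endpoint replies are constructed, and the error codes, the 5-second default interval and the 5-second back-off are taken from the OpenID CIBA Core specification.

```python
import time

CIBA_GRANT = "urn:openid:params:grant-type:ciba"  # grant type defined by CIBA Core

class CibaError(Exception):
    """Terminal outcome: the user denied the request or it expired."""

def poll_for_tokens(post_token, auth, sleep=time.sleep, clock=time.monotonic):
    """Poll the token endpoint until the user approves, denies, or the request lapses.

    post_token(form) -> (http_status, json_body) is a hypothetical transport hook.
    In production it POSTs the form to /oauth/token and adds client authentication.
    """
    interval = auth.get("interval", 5)        # spec default when the server omits it
    deadline = clock() + auth["expires_in"]   # never poll past the request lifetime
    form = {"grant_type": CIBA_GRANT, "auth_req_id": auth["auth_req_id"]}
    while clock() < deadline:
        sleep(interval)                       # wait first: do not poll faster than allowed
        status, body = post_token(dict(form))
        if status == 200:
            return body                       # tokens issued to the consumption device
        error = body.get("error")
        if error == "slow_down":
            interval += 5                     # back off by at least 5 seconds
        elif error != "authorization_pending":
            raise CibaError(error or f"unexpected status {status}")
    raise CibaError("expired_token")

def simulate(script, expires_in=120, interval=5):
    """Run the poller against constructed replies with a fake clock (no network)."""
    now, waits, replies = [0.0], [], iter(script)
    def fake_sleep(seconds):
        waits.append(seconds)
        now[0] += seconds
    def fake_post(form):
        assert form["grant_type"] == CIBA_GRANT
        return next(replies)
    auth = {"auth_req_id": "constructed-req-id", "expires_in": expires_in, "interval": interval}
    try:
        result = poll_for_tokens(fake_post, auth, sleep=fake_sleep, clock=lambda: now[0])
    except CibaError as exc:
        result = str(exc)
    return result, waits
```

Treating every error other than `authorization_pending` and `slow_down` as terminal keeps a denied or expired request from being retried indefinitely.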
