CIBA Overview

The BindID OIDC CIBA implementation lets you integrate CIBA flows into a server app to perform out-of-band authentication, such as for authentication flows initiated by IVR systems or call centers. You can also use CIBA flows in your web applications to create a link for use in native desktop-to-mobile authentication flows, instead of sending end users to the BindID QR screen to authenticate.

Here's how it works for server apps:

  1. Your server app invokes the /authorize_ciba endpoint to retrieve a link that can be presented to the user (for example, as a QR code).
  2. When the end user opens the link, an out-of-band authentication flow is initiated on the user's device.
  3. Your server app retrieves the ID and access tokens from the /token endpoint, either by polling or by subscribing to receive a notification when they are ready.
  4. Your server app validates the user tokens.
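
Step 3 in polling mode, as an added example that is not BindID's own code. It assumes the /token endpoint follows the OpenID CIBA Core 1.0 poll-mode conventions (the `urn:openid:params:grant-type:ciba` grant type, an `auth_req_id` parameter, and the `authorization_pending` and `slow_down` error codes), which this page does not confirm; `post` and `CibaError` are hypothetical names.

```python
import time

# Assumed from OpenID CIBA Core 1.0; not confirmed for BindID by this page.
CIBA_GRANT = "urn:openid:params:grant-type:ciba"


class CibaError(Exception):
    """Terminal failure: user denied, request expired, or bad response."""


def poll_for_tokens(post, auth_req_id, interval=5, expires_in=120,
                    sleep=time.sleep, clock=time.monotonic):
    """Poll the token endpoint until tokens are issued or the request fails.

    post(form) -> (http_status, json_body) is a hypothetical transport
    callable: it adds client authentication and sends the form to /token.
    """
    deadline = clock() + expires_in
    while clock() < deadline:
        status, body = post({"grant_type": CIBA_GRANT,
                             "auth_req_id": auth_req_id})
        if status == 200:
            # Never treat a partial response as a successful login.
            if "id_token" not in body or "access_token" not in body:
                raise CibaError("token response is missing a token")
            return body  # caller must still validate the tokens (step 4)
        error = body.get("error")
        if error == "slow_down":
            interval += 5  # CIBA Core: back off by at least 5 seconds
        elif error != "authorization_pending":
            # access_denied, expired_token, invalid_grant, ...: stop polling.
            raise CibaError(error or f"HTTP {status}")
        sleep(interval)
    raise CibaError("expired_token")  # local deadline passed without tokens


if __name__ == "__main__":
    # Constructed responses standing in for a real /token endpoint.
    scripted = iter([
        (400, {"error": "authorization_pending"}),
        (400, {"error": "slow_down"}),
        (200, {"id_token": "header.payload.sig", "access_token": "at-123"}),
    ])
    tokens = poll_for_tokens(lambda form: next(scripted), "req-123",
                             interval=0, sleep=lambda s: None)
    print(sorted(tokens))
```

Any error other than a pending or slow-down response ends the loop, so a denied or expired request is never retried into a login.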

See the CIBA Authentication API.