CIBA Flow

1

CLIENT APP

Initiate Backchannel Authentication

Send a backchannel authentication request with the user's login hint. The authorization server will authenticate the user out-of-band (e.g., via push notification).

/oauth2/default/v1/bc-authorize

Configuration

Okta Domain

Authorization Server

/oauth2/default/v1/

Client ID

Client Secret

Login Hint

Binding Message (optional)

Scopes (optional)

Configure Okta Domain and Authorization Server to load scopes

cURL Command

Explain cURL | regenerate curl

Response

2

CLIENT APP

Poll for Token

Poll the token endpoint with the auth_req_id until the user approves the authentication request.

/oauth2/default/v1/token grant_type=urn:openid:params:grant-type:ciba

cURL Command

Explain cURL | regenerate curl

3

CLIENT APP Optional

Test Token with API

Test the access token by making an authenticated API request to a resource server.

Request Body (optional)

cURL Command

Explain cURL | regenerate curl

Save Configuration

Saved Configurations

Initiate Backchannel Authentication

Poll for Token

Test Token with API

Parameter Details

Message