`/backchannel_authentication`

Start Client Initiated Backchannel Authentication for a registered client.

Prerequisites

A client allowed to use CIBA

A valid user identifier or login hint

A configured out-of-band approval experience

Method

POST /backchannel_authentication

Example Request

curl -X POST https://localhost:5001/backchannel_authentication \
  -H "Content-Type: application/x-www-form-urlencoded" \
  -d "client_id=ciba-client&login_hint=user@example.com&scope=openid profile"

Next Step

Use the returned authentication request ID with /token.

Common Pitfalls

Confusing this endpoint with /authorize.
Starting a backchannel request without a reliable user approval channel.

Troubleshooting

If the request is rejected, verify the client's allowed grant types and CIBA policy.