register now
May 30 - June 2, 2023 | ARIA Resort & Casino, Las Vegas, NV
register now
2022 Event | Session Video
StepUp Authentication for APIs with OAuth 2

Speaker: Vittorio Bertocci, Principal Architect, Auth0 | Okta
Date: Tuesday, June 21, 2022
Location: Denver, CO

Description: Despite step-up authentication being one of the most common production scenarios, as of today there is no interoperable way to implement it. A client attempts to access a resource; the resource demands a stronger authentication level than the one indicated by the credentials presented; the client leads the user through a process that elevates the authentication strength; the client repeats the call with elevated credentials, and the resource grants access. OAuth 2 provides affordances to implement all of the above, but the lack of specifics led to multiple, incompatible approaches. This session will expand on the scenario and describe a novel proposal to achieve interoperable step-up capabilities with minimal or no changes to existing authorization servers, resource servers and clients.

Follow us on
identity everywhere
Stay informed on the latest event updates
Identiverse: The Identity Universe
hosted by CyberRisk Alliance
register now