OAuth Auth ISAM authentication level mapping

ISAM provides the concept of Authentication Levels out of the box. This means a given authentication mechanism or flow can be assigned an integer value >0 that represents the authentication strength.

OAuth Auth can make use of this for features such as incremental authentication – for example if the OAuth grant was issued via single factor authentication or if it’s been verified with additional mechanisms such as a One Time Password (OTP) flow. It can also be used when you have a pre-pin Quick Balance style mechanism where it might be set at “1” and if they enter an additional PIN to validate their identity, set to “2” for full API access.

To make use of this – simply configure the OAuth Post Token mapping rule within ISAM to return the following value in the resource request_type for runtime access:

stsuu.addContextAttribute(new Attribute("AUTHENTICATION_LEVEL", 
             "urn:ibm:names:ITFIM:oauth:response:attribute", "3"));

This will place the value into the ISAM credential on access, and the Authentication Level can be enforced using the standard POP interactions.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.


Up ↑

%d bloggers like this: