User ID Token User Authentication
The user ID token user authentication scheme can be used to silently re-authenticate a user in the event the entity must re-authenticate. Since user ID tokens are bound to master tokens, entity re-authentication will cause any previously issued user ID tokens to become invalid. A master token and user ID token pair previously issued to the same entity can be submitted, and the recipient can accept it if it wishes to do so. Acceptance may be limited based on various conditions such as the age of the previous tokens or other external state data.
This scheme must only be permitted for entities that can provide strong cryptographic authentication of their identity. Otherwise, theft of tokens would allow theft of user identity.
This scheme is identified by the string USER_ID_TOKEN.
authdata = {
"#mandatory" : [ "mastertoken", "useridtoken" ],
"mastertoken" : mastertoken,
"useridtoken" : useridtoken
}
Field | Description |
---|---|
mastertoken | master token |
useridtoken | user ID token |
A previously issued master token and user ID token pair. The entity identity in the master token must match the sending entity identity. The user ID token must be for the authenticating user.
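A recipient-side acceptance check for this scheme, as an added example that is not code from the MSL project. It models both tokens as objects that have already been signature-verified and decrypted; the field names (identity, serialNumber, masterTokenSerialNumber, user, issuedAt), the ctx object and MAX_TOKEN_AGE_MS are assumptions for illustration, not MSL wire names.

```javascript
// Added example, not MSL project code. Tokens are modelled as objects whose
// signatures were already verified and contents decrypted. Field names,
// ctx and MAX_TOKEN_AGE_MS are assumptions for illustration.
const MAX_TOKEN_AGE_MS = 24 * 60 * 60 * 1000; // hypothetical age policy

function checkUserIdTokenAuth(authdata, ctx) {
  const fail = (reason) => ({ ok: false, reason });
  // "#mandatory": both fields must be present.
  for (const field of ["mastertoken", "useridtoken"]) {
    if (!authdata || authdata[field] == null) return fail("missing " + field);
  }
  const mt = authdata.mastertoken;
  const uit = authdata.useridtoken;
  // Scheme is only for entities with strong cryptographic authentication.
  if (!ctx.strongAuthEntities.has(ctx.senderIdentity)) {
    return fail("scheme not permitted for this entity");
  }
  // Master token entity identity must match the sending entity identity.
  if (mt.identity !== ctx.senderIdentity) return fail("entity identity mismatch");
  // User ID tokens are bound to master tokens: the pair must belong together.
  if (uit.masterTokenSerialNumber !== mt.serialNumber) {
    return fail("user ID token not bound to master token");
  }
  // The user ID token must be for the authenticating user.
  if (uit.user !== ctx.authenticatingUser) return fail("user mismatch");
  // Optional policy: limit acceptance by the age of the previous tokens.
  const oldest = Math.min(mt.issuedAt, uit.issuedAt);
  if (ctx.now - oldest > MAX_TOKEN_AGE_MS) return fail("tokens too old");
  return { ok: true, user: uit.user };
}

// Constructed sample input.
const NOW = Date.UTC(2024, 0, 2);
const sampleCtx = {
  senderIdentity: "device-1234",
  authenticatingUser: "alice",
  strongAuthEntities: new Set(["device-1234"]),
  now: NOW,
};
const sampleAuthdata = {
  mastertoken: { identity: "device-1234", serialNumber: 7, issuedAt: NOW - 3600e3 },
  useridtoken: { user: "alice", masterTokenSerialNumber: 7, issuedAt: NOW - 3600e3 },
};
// Same pair, but the user ID token is bound to a different master token.
const mixed = { ...sampleAuthdata,
  useridtoken: { ...sampleAuthdata.useridtoken, masterTokenSerialNumber: 8 } };

console.log(checkUserIdTokenAuth(sampleAuthdata, sampleCtx));
console.log(checkUserIdTokenAuth(mixed, sampleCtx));
```

The entity identity comparison only protects against token theft when ctx.senderIdentity comes from the entity authentication step of the same message, never from a value the sender merely asserts.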