camaraproject/IdentityAndConsentManagement

SP supporting CIBA with two IDPs: B2B/B2C

questsin opened this issue · 2 comments

  • Implementing a GSMA Opengateway Authserver: How would the OpenID Connect Client-initiated Backchannel Authentication flow work for a Service Provider using two IDPs, one for B2B and one for B2C? B2B would authenticate ISVs, and B2C would authenticate mobile subscribers.
  • What orchestration/needs to be done and what info needs to be exchanged between the two IDPs?
    • For example, an ISV calling a GSMA CAMARA Location API. ISVs authenticate with bc_authorize with the B2B IDP and the subscriber needs to call the /authorize API of the B2C IDP.

Cross-post from GSMA OpenGateway: https://github.com/GSMA-Open-Gateway/Open-Gateway-Documents/issues/105

What is the difference to the flow where the ISV is the client doing private_key_jwk at THE (only one) IDP/AZ?

The client is onboarded, using maybe TM931 or dynamic client registration, and uploads their public key, gets their clientId etc. End users are authenticated at the same AZ/IdP/OP.

Please explain to the non-OpenGateway Expert what the scenario is.

@questsin can we close this?