OAuth 2.0, paired with OpenID Connect, is the standard for user authentication. However, its reliance on browser redirects for communication among parties often results in a suboptimal user experience particularly for native applications. This has led developers to seek alternative, and sometimes less secure, methods to implement OAuth in an API-centric manner.

The upcoming “OAuth 2.0 for First-Party Applications” specification aims to bridge this gap by introducing an extension to OAuth for API-centric authorization. However, the scope of OAuth 2.0 for FiPA does not include user authentication in an API-centric way. This session will dive into bridging this gap by designing a flexible, API-centric authentication layer to complement the OAuth 2.0 for First-Party Applications specification.

The session will explore:

• Designing an API-centric authentication layer that supports various authentication methods such as passkeys, Email OTP, social logins, etc. in a generic manner.
• Handling multi-factor authentication (MFA).
• Handling multi-option selection for authentication.
• Handling social and enterprise federated login scenarios.
• Leveraging the authentication API to dynamically build UI representations in login interfaces.

The session will include a demo showcasing a mobile application that integrates the discussed authentication API. It will show the enhanced user login experience that can be achieved when implementing OAuth 2.0 for First-Party Application specification along with an authentication API as discussed in this session.