Idea ID: 2799983

User name as parameter in an combination of NAM and NAAF

Status : Delivered
11 months ago

We have a use case where are doing OAuth authentication from a mobile app to Access Manager. In some of our scenarios, we are using multi-factor authentication from AAF through the generic AAF class. Our contract has ONLY the AAF method. After the initial login, the app knows the user ID so we would like to be able to pass that ID through to AAF so that the user is not prompted to enter it. When doing NAM form based login as the first method in a contract, NAM send the user ID as a parameter in the OAuth authorization request that is sent to AAF. AAF uses this value instead of prompting the user to enter it. We are using only an AAF method because of the "linked chains” functionality of AAF. What we need is a way to send the user ID in the OAuth authentication request to NAM and then have NAM send it on to AAF in this same manner. Ideally, this would be done through a simple parameter such as login_hint as is done by many other OAuth servers. If it must be done using signed data, as is currently done with AAF, then that would also be acceptable.