Asynchronous authentication and authorisation using the Client-Initiated Backchannel Authentication (CIBA) flow is now Generally Available for our Enterprise plan customers. The CIBA flow works as an asynchronous, decoupled flow across two different devices:
Consumption device: initiates the authentication request.
Authentication device: handles end-user authentication, implemented as a custom mobile app which embeds the Guardian mobile SDK.
The flow supports the use of Rich Authorization Requests (RFC 9396) to provide contextual information to authenticating and/or authorizing users. This enables the CIBA flow to support a number of powerful use cases driven by backend client applications, such as:
Customer authentication by headless devices or devices/applications with limited interaction capabilities.
Customer authentication in call-centre scenarios.
Authorising sensitive operations on behalf of yourself or a third party, e.g. a customer service Agent or an autonomous AI Agent.
For more details, see the product documentation.
Fetched April 14, 2026
This new Token Vault capability allows Client Applications to obtain access tokens from third-party APIs (resource servers), through an aut…