Authenticate apps with Device Tokens
12.3.3. Using Device Tokens to authenticate mobile apps

Device Tokens allow to bind a mobile app (or other REST clients) to an IAM account and use the involved device token as a non-user-interactive first or second authentication factor.

It is thought for the following scenario:

  • 1.
    Initial authentication: The HTTP client authenticates using username, password, and a 2nd factor (e.g. MTAN).
  • 2.
    Device Token registration: The HTTP client generates a key pair and associates the public key with the user account.
  • 3.
    Following logins: Dependent on the configuration, HTTP clients authenticate either using the device token step as the first factor or using username, password, and device token step as the second factor.

Further information and links