Authenticate

This section covers the authentication stage. This involves a consumer verifying who they are with their data holder.

New CX Guidelines URL @September 21, 2023

The CX guidelines have been re-launched on a new domain: cx.cds.gov.au

For more information, refer to Change log: Consumer Experience (CX) Guidelines

‣

On this page

Overview

Authenticate is the second stage of The Consent Model.

The authentication stage involves a consumer verifying who they are with their data holder. This is required so the data holder can connect the data recipient's authorisation request to the correct CDR consumer.

The DSB has determined that a single, consistent, authentication model will be adopted by the CDR regime, referred to as the 'Redirect with One Time Password' flow. The Security Profile supports the authentication flows specified by OpenID Connect as constrained further by FAPI (specifically the Hybrid Flow outlined in section 3.3). No other flows are currently supported.

The supported authentication flow is a type of redirection flow where the consumer's user agent is redirected from a data recipient’s web site to a data holder’s authorisation end point in the context of an authentication request. This flow incorporates aspects of both the implicit flow and authorisation code flow detailed under OpenID Connect.

Note that additional requirements for this flow are contained in the Authentication Flow section of the Security Profile.

CX Guidelines for Authenticate

Redirect with One Time Password

Examples of the flow where the consumer inputs a user identifier and how to use a One Time Password to authenticate with a data holder. Read more about Redirect with One Time Password

Last updated

This page was updated @August 23, 2021

Have your say

Community consultations and maintenance are part of our ongoing process. Here’s how you can get involved:

Request new Guidelines or changes to existing Guidelines through the Guidelines Consultation process
Request new Standards or changes to existing Standards through the Standards Maintenance process
Log a ticket for any questions about the rules, standards, or guidelines through the CDR Support Portal
Email your feedback to cx@consumerdatastandards.gov.au

Quick links to CX Guidelines:

Accessibility statement

→ cx@consumerdatastandards.gov.au → cx.cds.gov.au | cds.gov.au

The Consumer Data Standards Program is part of Treasury. Copyright © Commonwealth of Australia 2023. The information provided on this website is licensed for re-distribution and re-use in accordance with Creative Commons Attribution 4.0 International (CC-BY 4.0) Licence.