Transparent STS for a Backend protected by an access token


This topic has 0 replies, 1 voice, and was last updated 3 years, 5 months ago by triton_oidc.



    I would like to use AM for my use case,
    but from what I read in the documentation, AM/STS doesn’t fit.
    I’d like to be sure nonetheless:

    Case 1:
    I have a backend (App2) that is OIDC protected and returns “Hello Mister [username]” to anyone doing a GET including an access token with the correct audience (App2). The access token must be linked to a user (the app does a userinfo with the provided access token).

    This Backend does not change.

    Case 2:
    But I also want to call this backend from another application (App1).
    This application is OIDC protected, and it has an access token linked to the user with the audience=App1.

    What I wish is for this application to exchange the token with aud=app1 against another token with aud=app2, and the App2 backend must still be able to do a userinfo.

    Here is a schema of the case 2, and the source code associated


    diagram source

    Thanks for any help


    • This topic was modified 3 years, 5 months ago by triton_oidc.
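
The exchange described in case 2 can be expressed with the OAuth 2.0 Token Exchange grant (RFC 8693). The sketch below is an added example, not part of the original post and not ForgeRock AM code or configuration: it builds the request App1 would send, checks the response, and verifies that the new token keeps the user while changing the audience. The token values, the claim layout and the function names are constructed assumptions.

```python
from urllib.parse import urlencode

GRANT = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"


def build_exchange_request(subject_token, target_audience):
    """Form body App1 POSTs to the token endpoint (RFC 8693 section 2.1)."""
    if not subject_token or not target_audience:
        raise ValueError("subject_token and target_audience are required")
    return urlencode({
        "grant_type": GRANT,
        "subject_token": subject_token,            # token with aud=App1
        "subject_token_type": ACCESS_TOKEN_TYPE,
        "requested_token_type": ACCESS_TOKEN_TYPE,
        "audience": target_audience,               # App2
    })


def check_exchange_response(resp):
    """Return the issued access token, or raise if the response is unusable."""
    for field in ("access_token", "issued_token_type", "token_type"):
        if not resp.get(field):
            raise ValueError(f"token exchange response missing {field}")
    if resp["issued_token_type"] != ACCESS_TOKEN_TYPE:
        raise ValueError("server did not issue an access token")
    return resp["access_token"]


def exchanged_token_ok(claims, expected_aud, expected_sub):
    """True if the new token targets expected_aud and is still bound to the
    same user. `claims` is the validated or introspected token content
    (assumed shape: 'aud' as a string or list, 'sub' as a string)."""
    aud = claims.get("aud", [])
    aud = [aud] if isinstance(aud, str) else list(aud)
    return expected_aud in aud and claims.get("sub") == expected_sub


if __name__ == "__main__":
    # Constructed sample values, no network access.
    print(build_exchange_request("tok-for-app1", "App2"))
    sample_resp = {"access_token": "tok-for-app2",
                   "issued_token_type": ACCESS_TOKEN_TYPE,
                   "token_type": "Bearer", "expires_in": 300}
    print(check_exchange_response(sample_resp))
    print(exchanged_token_ok({"aud": "App2", "sub": "alice"}, "App2", "alice"))
```
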