Transparent STS for a Backend protected by an access token

  • #25672
     triton_oidc 
    Participant

    Hi,

    I would like to use AM for my use case,
    but from what I read in the documentation, AM/STS doesn’t fit.
    I’d like to be sure nonetheless:

    Case 1:
    I got a backend (App2) that is OIDC protected, and returns “Hello Mister [username]” to anyone doing a GET including an access token with the correct audience (App2). The access token must be linked to a user (the app does a userinfo with the provided access token).

    This Backend does not change.

    Case 2:
    But I also want to call this backend from another application (App1).
    This application is OIDC protected, and it has an access token linked to the user with the audience=App1.

    What I wish is for this application to exchange the token with aud=app1 for another token with aud=app2, and the App2 backend must still be able to do a userinfo.

    Here is a schema of the case 2, and the source code associated

    Thanks for any help

    Amaury

    • This topic was modified 3 months, 3 weeks ago by  triton_oidc.
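
The exchange asked for in case 2 has the shape of an OAuth 2.0 Token Exchange (RFC 8693) request. The following is an added example, not code from the post or from ForgeRock, and it does not assume that any particular authorization server accepts this grant. The token value, the subject `user-1234` and the claim sets are constructed.

```python
from urllib.parse import urlencode

# Constants defined by RFC 8693 (OAuth 2.0 Token Exchange).
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN = "urn:ietf:params:oauth:token-type:access_token"


def build_exchange_body(subject_token, target_audience):
    """Form body App1 would POST to the token endpoint, authenticated as App1."""
    return urlencode({
        "grant_type": GRANT_TYPE,
        "subject_token": subject_token,          # the aud=App1 token App1 holds
        "subject_token_type": ACCESS_TOKEN,
        "requested_token_type": ACCESS_TOKEN,
        "audience": target_audience,             # App2
    })


def audiences(claims):
    """'aud' may be a single string or a list; normalise to a list."""
    aud = claims.get("aud", [])
    return [aud] if isinstance(aud, str) else list(aud)


def check_exchange(original_claims, response, new_claims, target_audience):
    """Return a list of problems; an empty list means the token can go to App2.

    Assumption: both claims dicts come from tokens that were already
    validated (signature check or introspection); that step is not done here.
    """
    problems = []
    if response.get("issued_token_type") != ACCESS_TOKEN:
        problems.append("issued_token_type is not an access token")
    if str(response.get("token_type", "")).lower() != "bearer":
        problems.append("token_type is not Bearer")
    if target_audience not in audiences(new_claims):
        problems.append("new token is not issued for " + target_audience)
    sub = new_claims.get("sub")
    if not sub or sub != original_claims.get("sub"):
        problems.append("subject changed, userinfo would return another user")
    return problems


# Constructed sample values, for illustration only.
ORIGINAL = {"sub": "user-1234", "aud": "App1"}
RESPONSE = {"access_token": "constructed-token-for-app2",
            "issued_token_type": ACCESS_TOKEN, "token_type": "Bearer"}
EXCHANGED = {"sub": "user-1234", "aud": ["App2"]}
```

The subject check is what keeps App2's userinfo call returning the same user after the audience has changed.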