Is there a way for an access_token assigned directly via okta to be validated in
okta is an identity provider in
The system has 2 apps - frontend (vue) and backend for frontend (
- Frontend performs user login directly via
- Frontend passes the Authorization header (Bearer) to BFF
- BFF authenticates the user using
keycloak support this? If yes - would be happy to receive references to keycloak's documentation or any other resources
What is BFF?
Token verification is a well-known process (decoding and signature verification), so that BFF should be able to do it.
Thank you for your reply.
BFF = backend for frontend
Its role is to respond to frontend’s requests (http). It extracts the access_token by pulling the Bearer value from the Authorization and uses the access_token for authentication with the identity provider.
Indeed token verification is a well-known process, but where can I find the doc that configures keycloak to delegate the access_token verification to the identity provider?
Keycloak is an identity provider (IdP). So it issues tokens, and token verification is a job for the service provider (SP - your backend in this case).
You can use keycloak-gatekeeper (properly configured for okta IdP) in front of the backend, which will act as an auth proxy.