Hi all,

Is there a way for an access_token assigned directly via okta to be validated in keycloak (when okta is an identity provider in keycloak)?

The system has 2 apps - frontend (vue) and backend for frontend (asp.net core).
- Frontend performs user login directly via okta
- Frontend passes the access_token via Authorization header (Bearer) to BFF
- BFF authenticates the user using keycloak

Can keycloak support this? If yes - would be happy to receive references to keycloak's documentation or any other resources.

Thank you,
Roi

What is BFF?
Token verification is a well-known process (decoding and signature verification), so the BFF should be able to do it.

Thank you for your reply.
BFF = backend for frontend
Its role is to respond to the frontend's requests (http). It extracts the access_token by pulling the Bearer value from the Authorization and uses the access_token for authentication with the identity provider.
Indeed, token verification is a well-known process, but where can I find the doc that configures keycloak to delegate the access_token verification to the identity provider?

Keycloak is an identity provider (IdP). So it issues tokens, and token verification is a job for the service provider (SP - your backend in this case).
You can use keycloak-gatekeeper (properly configured for okta IdP) in front of the backend, which will act as an auth proxy.
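
The local verification described in the replies above (the backend, as service provider, checking signature, issuer, audience and expiry itself), shown for the ASP.NET Core BFF as an added example that is not part of the thread. The issuer URL and audience are placeholders, the /api/me route is hypothetical, and RS256 signing is an assumption about the Okta authorization server.

```csharp
// Program.cs (.NET 6+ minimal hosting), package Microsoft.AspNetCore.Authentication.JwtBearer.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Placeholders: the Okta authorization server that issued the token and the
// audience value that server puts in access tokens meant for this API.
const string OktaIssuer = "https://<your-okta-domain>/oauth2/<authorization-server-id>";
const string ApiAudience = "<your-api-audience>";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Signing keys come from the issuer's OIDC discovery document (jwks_uri),
        // so no Keycloak round trip is involved in checking the token.
        options.Authority = OktaIssuer;
        options.Audience = ApiAudience;
        options.RequireHttpsMetadata = true;
        options.MapInboundClaims = false; // keep JWT claim names such as "sub"
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = OktaIssuer,       // reject tokens from any other issuer
            ValidateAudience = true,        // reject tokens minted for another API
            ValidateLifetime = true,        // reject expired tokens
            ValidateIssuerSigningKey = true,
            // Assumption: the issuer signs with RS256; pinning it rejects other algorithms.
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
            ClockSkew = TimeSpan.FromMinutes(1)
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical endpoint: reachable only with a Bearer token that passed every check above.
app.MapGet("/api/me", (ClaimsPrincipal user) =>
        Results.Ok(new { sub = user.FindFirst("sub")?.Value }))
   .RequireAuthorization();

app.Run();
```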