Access token validation using identity provider?

Hi all,

Is there a way for an access_token assigned directly via Okta to be validated in Keycloak (when Okta is an identity provider in Keycloak)?

The system has 2 apps - frontend (Vue) and backend for frontend (ASP.NET Core).

  • Frontend performs user login directly via Okta
  • Frontend passes the access_token via Authorization header (Bearer) to BFF
  • BFF authenticates the user using Keycloak

Can Keycloak support this? If yes - I would be happy to receive references to Keycloak's documentation or any other resources.

Thank you,
Roi

What is BFF?
Token verification is a well-known process (decoding and signature verification), so the BFF should be able to do it.

Thank you for your reply.
BFF = backend for frontend

Its role is to respond to the frontend’s requests (HTTP). It extracts the access_token by pulling the Bearer value from the Authorization header and uses the access_token for authentication with the identity provider.

Indeed, token verification is a well-known process, but where can I find the doc that configures Keycloak to delegate the access_token verification to the identity provider?

Keycloak is an identity provider (IdP). So it issues tokens, and token verification is a job for the service provider (SP - your backend in this case).

You can use keycloak-gatekeeper (properly configured for Okta IdP) in front of the backend, which will act as an auth proxy.
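
The approach the replies describe, with the ASP.NET Core BFF verifying the Okta-issued bearer token itself (signature, issuer, audience, lifetime), is shown here as an added example; it is not code from any participant in this thread. The issuer URL, audience and `/api/me` route are placeholder assumptions, and RS256 signing is assumed.

```csharp
// Program.cs - ASP.NET Core minimal API (added example).
// Requires the Microsoft.AspNetCore.Authentication.JwtBearer package.
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.IdentityModel.Tokens;

var builder = WebApplication.CreateBuilder(args);

// Placeholders (assumptions): use your own Okta authorization server and API audience.
const string Issuer = "https://example.okta.com/oauth2/default";
const string Audience = "api://default";

builder.Services
    .AddAuthentication(JwtBearerDefaults.AuthenticationScheme)
    .AddJwtBearer(options =>
    {
        // Signing keys are discovered via {Issuer}/.well-known/openid-configuration
        // and refreshed automatically, so key rotation at the IdP is picked up.
        options.Authority = Issuer;
        options.RequireHttpsMetadata = true;
        options.TokenValidationParameters = new TokenValidationParameters
        {
            ValidateIssuer = true,
            ValidIssuer = Issuer,             // reject tokens minted by any other issuer
            ValidateAudience = true,
            ValidAudience = Audience,         // reject tokens meant for a different API
            ValidateLifetime = true,          // enforce exp / nbf
            ValidateIssuerSigningKey = true,
            // Pin the algorithm (assumed RS256) so "none" or HMAC tokens are refused.
            ValidAlgorithms = new[] { SecurityAlgorithms.RsaSha256 },
            ClockSkew = TimeSpan.FromSeconds(30)
        };
    });
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// Hypothetical endpoint: requests without a valid Bearer token receive 401.
// With default inbound claim mapping, "sub" surfaces as ClaimTypes.NameIdentifier.
app.MapGet("/api/me", (ClaimsPrincipal user) =>
        Results.Ok(new { subject = user.FindFirst(ClaimTypes.NameIdentifier)?.Value }))
   .RequireAuthorization();

app.Run();
```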