Let's imagine we have some website which has 5 different login types:
- GitHub
- Basic Email Password
The website is an SPA with JWT authentication. But how do you process the tokens from different OAuth providers to authorize YOUR app backend? Do you convert them to your app's JWT? Or do you create your backend JWT and send both your and Google's JWTs at the same time? What is the typical design for this kind of stuff?
CodePudding user response:
Your app should have one authority. But this authority is configured to "trust" other identity providers. This is known as federation. Explanation from IdentityServer, another from Auth0.
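The federation pattern described in the answer, as an added example that is not part of the original answer: the app's authority validates a token from a trusted upstream provider and issues the app's own short-lived JWT, which is the only token the backend API accepts. The issuer URLs, keys, client ID and function names are constructed for illustration, and HS256 stands in for the RS256/ES256 signatures with JWKS-published keys that real providers use.

```python
import base64, hashlib, hmac, json, time

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(claims: dict, key: bytes) -> str:
    head = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64(mac)}"

def verify(token: str, key: bytes, issuer: str, audience: str) -> dict:
    head, body, sig = token.split(".")
    if json.loads(_unb64(head)).get("alg") != "HS256":   # pin the algorithm
        raise ValueError("unexpected alg")
    mac = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(mac, _unb64(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_unb64(body))
    if claims.get("iss") != issuer or claims.get("aud") != audience:
        raise ValueError("wrong issuer or audience")
    if claims.get("exp", 0) <= time.time():
        raise ValueError("expired")
    return claims

# Constructed sample config: upstream providers the app's authority trusts.
# Real providers sign with RS256/ES256 and publish keys via JWKS; HS256 keeps this offline.
TRUSTED_IDPS = {"https://idp-a.example": b"idp-a-demo-key"}
APP_ISSUER, APP_AUDIENCE, APP_KEY = "https://auth.myapp.example", "myapp-api", b"app-demo-key"
CLIENT_ID = "myapp-client-id"   # audience the upstream IdP puts in tokens meant for this app

def exchange(upstream_token: str) -> str:
    """Authority: validate an upstream identity token, then issue the app's own JWT."""
    claimed_iss = json.loads(_unb64(upstream_token.split(".")[1])).get("iss")
    key = TRUSTED_IDPS.get(claimed_iss)          # unverified iss only selects the key
    if key is None:
        raise ValueError("untrusted issuer")
    ext = verify(upstream_token, key, claimed_iss, CLIENT_ID)
    now = int(time.time())
    return sign({"iss": APP_ISSUER, "aud": APP_AUDIENCE, "iat": now, "exp": now + 900,
                 "sub": f"{claimed_iss}|{ext['sub']}"}, APP_KEY)

def api_authorize(token: str) -> str:
    """Backend API: accepts only tokens minted by the app's own authority."""
    return verify(token, APP_KEY, APP_ISSUER, APP_AUDIENCE)["sub"]
```

Namespacing `sub` with the issuer keeps identical subject IDs from two different providers from mapping to the same local account.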