How to verify IdP (Identity Provider) token at resource server in Single sign-on flow using JWT for

Time:05-24

I am trying to develop Single Sign-On (SSO) using JWT for cross-domain apps.

After looking into a few solutions and threads, I decided to go with the following: [image]

But I am not sure how to verify the IdP token at the resource server.

Should both the IdP and the resource servers have access to the same data source?

Also, is it necessary to use a unique resource token for each app?

CodePudding user response:

The receiver of the access token only needs to verify its signature using the IdP's public key. If you have more complex needs, then the receiver could ask the IdP for more details, perhaps using the token introspection endpoint.

Each client authenticating against the IdP will get its own set of ID/access/refresh tokens.
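The signature check described in the answer above, as an added example that is not part of the original answer: a resource server validates an RS256 token using only the IdP's public key, with no shared datastore. The issuer URL, the audience names `app-a`/`app-b`, the helper names, and the in-process key pair standing in for the IdP are all constructed for illustration.

```javascript
const crypto = require("node:crypto");

const b64url = (data) => Buffer.from(data).toString("base64url");
const ISSUER = "https://idp.example"; // constructed issuer name

// Resource-server side: holds only the IdP's public key.
function verifyIdpToken(token, idpPublicKey, { issuer, audience, now = Date.now() / 1000 }) {
  const parts = token.split(".");
  if (parts.length !== 3) throw new Error("malformed token");
  const [h, p, s] = parts;
  const header = JSON.parse(Buffer.from(h, "base64url").toString());
  // Pin the algorithm; the token must not choose it (rejects "none" and HS256 swaps).
  if (header.alg !== "RS256") throw new Error("unexpected alg");
  const signed = Buffer.from(`${h}.${p}`);
  if (!crypto.verify("sha256", signed, idpPublicKey, Buffer.from(s, "base64url"))) {
    throw new Error("bad signature");
  }
  // Claims are trusted only after the signature has been verified.
  const claims = JSON.parse(Buffer.from(p, "base64url").toString());
  if (claims.iss !== issuer) throw new Error("wrong issuer");
  if (![].concat(claims.aud).includes(audience)) throw new Error("wrong audience");
  if (typeof claims.exp !== "number" || claims.exp <= now) throw new Error("expired");
  return claims;
}

// IdP side, constructed for the demo: the private key never leaves the IdP.
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });

function issueToken(claims) {
  const header = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const input = `${header}.${b64url(JSON.stringify(claims))}`;
  return `${input}.${b64url(crypto.sign("sha256", Buffer.from(input), privateKey))}`;
}

// Returns "ok" or the reason the resource server for `audience` rejected the token.
function check(token, audience) {
  try {
    verifyIdpToken(token, publicKey, { issuer: ISSUER, audience });
    return "ok";
  } catch (err) {
    return err.message;
  }
}

const exp = Math.floor(Date.now() / 1000) + 300;
const tokenForA = issueToken({ iss: ISSUER, aud: "app-a", sub: "user-1", exp });
console.log("app-a:", check(tokenForA, "app-a"));
console.log("app-b:", check(tokenForA, "app-b"));
```

The audience check is what keeps a token issued for one app from being accepted by another, which is why each client gets its own tokens.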
