AxaFrance / oidc-client

Light, Secure, Pure Javascript OIDC (Open ID Connect) Client. We provide also a REACT wrapper (compatible NextJS, etc.).
MIT License
578 stars 157 forks

Doc:Howtos: Token exchange #1437

Open pgangwani opened 3 weeks ago

pgangwani commented 3 weeks ago

Issue and Steps to Reproduce

I have a use case of token exchange. May I know how we can tackle this?

At a high level, we have 2 OIDC servers where login is required only the first time and then auto-authorize with the other. One is a local Keycloak and the other one is an enterprise ForgeRock.

Versions

Any

Screenshots

Expected

Need more examples and ways if you are familiar with this.

Actual

Additional Details

guillaume-chervet commented 3 weeks ago

Hi @pgangwani , thank you for your issue. I have to read the token exchange documentation in more detail but I'm pretty sure it is a server-side protocol. Do you need to apply token exchange at server side inside your API or from client side?

pgangwani commented 3 weeks ago

Imagine a Shell (parent-most wrapper component) which is always authenticated using the Keycloak ID authority. However there is a sub-component/MFE (think of it like a tab, which is registered with the enterprise IAM - ForgeRock). Now when the sub-component renders, it redirects to the enterprise SSO, which I need to silently resolve like in your multi-auth example. The only difference is that the authority is changing to the enterprise SSO, so the token would not work. Now the same logic can apply to the BFF of that MFE and I expect the same solution can apply there as well. Please note I don't have surety that it is a solution for the library, but this is for an example / doc if we can achieve some combination like that for the reference. [image]
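The flow discussed in this thread is an RFC 8693 token exchange: the BFF of the MFE holds an access token issued by the first authority (Keycloak) and asks the second authority (ForgeRock) for a token scoped to its own audience, without a second interactive login. The following is an added example and not code from the oidc-client library or from either commenter; it shows the request body a server-side BFF would send, the checks a client should apply to the response, and an in-memory fake of the second provider's token endpoint so the exchange runs offline. The client id `mfe-bff`, the audience `enterprise-api`, the token strings and the endpoint behaviour are all constructed placeholders.

```javascript
// Added example (not oidc-client code): RFC 8693 token exchange from a BFF.
// Grant and token-type URIs are the registered values from RFC 8693.
const TOKEN_EXCHANGE_GRANT = "urn:ietf:params:oauth:grant-type:token-exchange";
const ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token";
const ID_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:id_token";

// Build the form body for the exchange request. The subject token is the
// token obtained from the first authority; `audience` names the service at
// the second authority the new token must be valid for.
function buildTokenExchangeBody({
  subjectToken,
  subjectTokenType = ACCESS_TOKEN_TYPE,
  audience,
  scope,
  requestedTokenType = ACCESS_TOKEN_TYPE,
}) {
  if (typeof subjectToken !== "string" || subjectToken.length === 0) {
    throw new Error("subject_token is required");
  }
  const body = new URLSearchParams();
  body.set("grant_type", TOKEN_EXCHANGE_GRANT);
  body.set("subject_token", subjectToken);
  body.set("subject_token_type", subjectTokenType);
  body.set("requested_token_type", requestedTokenType);
  if (audience) body.set("audience", audience);
  if (scope) body.set("scope", scope);
  return body;
}

// Validate a token endpoint response (RFC 8693 section 2.2.1): reject error
// responses, and insist the issued token is of the type we asked for so a
// misconfigured provider cannot hand back something unexpected.
function parseTokenExchangeResponse(status, json, expectedIssuedType) {
  if (status !== 200) {
    throw new Error(`token exchange failed: ${json.error || status}`);
  }
  if (typeof json.access_token !== "string" || json.access_token.length === 0) {
    throw new Error("response missing access_token");
  }
  if (json.issued_token_type !== expectedIssuedType) {
    throw new Error(`unexpected issued_token_type ${json.issued_token_type}`);
  }
  // RFC 8693: token_type is "N_A" when the issued token is not an access token.
  const expectedTokenType = expectedIssuedType === ACCESS_TOKEN_TYPE ? "Bearer" : "N_A";
  if (json.token_type !== expectedTokenType) {
    throw new Error(`unexpected token_type ${json.token_type}`);
  }
  return {
    token: json.access_token,
    expiresIn: typeof json.expires_in === "number" ? json.expires_in : null,
    scope: typeof json.scope === "string" ? json.scope : null,
  };
}

// Constructed stand-in for the second provider's token endpoint. A real
// provider would verify the subject token's signature and issuer against the
// first authority; here a fixed set of trusted tokens plays that role.
const FAKE_TRUSTED_SUBJECT_TOKENS = new Set(["keycloak-access-token-abc"]);

function fakeEnterpriseTokenEndpoint(clientId, formBody) {
  const p = new URLSearchParams(formBody);
  if (clientId !== "mfe-bff") return { status: 401, json: { error: "invalid_client" } };
  if (p.get("grant_type") !== TOKEN_EXCHANGE_GRANT) {
    return { status: 400, json: { error: "unsupported_grant_type" } };
  }
  if (!FAKE_TRUSTED_SUBJECT_TOKENS.has(p.get("subject_token"))) {
    return { status: 400, json: { error: "invalid_grant" } };
  }
  // invalid_target is the RFC 8693 error for an unknown audience/resource.
  if (p.get("audience") !== "enterprise-api") {
    return { status: 400, json: { error: "invalid_target" } };
  }
  return {
    status: 200,
    json: {
      access_token: `enterprise-token-for-${p.get("audience")}`,
      issued_token_type: ACCESS_TOKEN_TYPE,
      token_type: "Bearer",
      expires_in: 300,
    },
  };
}

// Full round trip against the fake endpoint: what the BFF would do with a
// real HTTP POST (client-authenticated) to the provider's token_endpoint.
function exchangeWithFakeEndpoint(subjectToken, audience) {
  const body = buildTokenExchangeBody({ subjectToken, audience });
  const { status, json } = fakeEnterpriseTokenEndpoint("mfe-bff", body.toString());
  return parseTokenExchangeResponse(status, json, ACCESS_TOKEN_TYPE);
}
```

In a real deployment the POST goes to the second provider's `token_endpoint` with client authentication (for example HTTP Basic with the BFF's client id and secret), which is why the exchange belongs in the BFF rather than in browser code: the browser never sees the BFF's credentials, and the provider decides which clients may exchange which subject tokens for which audiences.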