TomPallister
commented
6 years ago @shivanka-thunderbolt yes this is possible. For example, if you register an IdentityServer 4 authentication provider with support for reference tokens only. When Ocelot authenticates the token the request will go out to IdentityServer. All Ocelot does for authentication is delegate to whatever authentication provider has been registered. Please see the docs here for more info.
I would like to know if it is possible to redirect the request from Ocelot API gateway to get it validated before forwarding it to downstream. I'm using JWT authentication resource owner flow.