In many large enterprises, there is the need to pass the end user identity when doing system-to-system communication. Example: One system B is updated by another system A (by calling an API). The information about the end user that typed in data in system A should be passed along when system A calls B.
I didn't find information that describes how that can be done with OAuth2.
My idea is to use client credentials grant and then pass a user identifier along. That user identifier is then picked up at the API Gateway and using OIDC, the full user info is added to the upstream calls.
Questions to all and @aaronpk:
Is my idea any good? What is a good way of passing the user identifier (where, how)?
If not, what is the recommended way?
Thanks a lot
P.S. Happy to compile all the answers and update the page