wso2 / product-is

Welcome to the WSO2 Identity Server source code! For info on working with the WSO2 Identity Server repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

Enabling third-party IDP token exposure through IS #20031

Open indeewari opened 3 months ago

indeewari commented 3 months ago

Is your feature request related to a problem? Please describe.

IS can act as the primary identity provider (IdP) for the business application that is used for managing the primary user base and orchestrating the login flow of the application. There are scenarios in which consumer users of the applications can authenticate via 3rd parties with federation via IS. This business application also requires the users to authorize the application to consume APIs from these 3rd parties which manage the user’s resources. The third-party resource servers are protected by their trusted authorization servers. These authorization servers do not have token exchanging capabilities along with obtaining the user consent at the token exchange. This scenario requires the application to prompt for multiple user logins and hinders the user experience.

Describe the solution you would prefer

IS will expose the third-party access token and the refresh token to the business application. In fact, IS won't handle the refresh token mechanism internally.

Additional context

Without the capability, the application developers will have to prompt the user to log in through multiple IdPs for a single user flow, hindering the user experience.

indeewari commented 3 months ago

This is tested with v0.12.3549