Validate access token that were created in another IDP

yotamb · February 12, 2023, 11:39am

Hello,

I wish to implement the following architecture:

My_IDP (implemented using Auhtlib) generate an access token using a custom grant
The user sends this token in the security header as a Bearer token to API_A which then validates that token with Auth0
Auth0 receives that token and validates it against My_IDP

I’m guessing that this architecture is possible since I noticed that:
https://auth0.com/docs/authenticate/identity-providers/enterprise-identity-providers/oidc

However Authlib doesn’t implement the Discover Endpoint (.well-known/openid-configurati_on) so I need to do it myself. What information does Auth0 requires from that endpoint so it can validate a token? Thanks

dan.woda · February 15, 2023, 4:25pm

Hi @yotamb,

Welcome to the Auth0 Community!

Usually you can validate the token without having to reach out to Auth0. JWT tokens contain a signature that your API_A can use to verify the token. Take a look at common libraries at JWT.io.

system · March 28, 2023, 1:24pm

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Does Auth0Client.LoginAsync Validate the Identification and Access Tokens on the Client Side? Help auth0-sdk	3	4250	September 3, 2019
Auth0 JWT Access token Validation in Go API Help login-experience , new-universal-login-experience	3	1166	March 1, 2024
Checking token validity/expiry Help id_token , access-token	8	30323	August 16, 2019
Can my api server trust the access token from auth0? Help configuration , application	2	813	July 3, 2023
Best practices for validating access token and getting user info Help management-api , access-token , validation , user-info , id-token	2	6034	December 17, 2018

Validate access token that were created in another IDP

Related Topics