I have 2 applications, and each one has its own backend, but I want to access the third API from both applications. This third API should be secured with the same security that the other 2 applications have. The problem is that each application has a different JWT with a client_id that is different.
How should I manage to secure the API and allow access from these 2 applications?
We are using Golang and Angular. We already tried decoding the JWT with one client_id and then with another one, but this adds some time to the execution. I don't know if it is the best solution.
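```go
// Claims the verifier must find in the token.
tv := map[string]string{}
tv["aud"] = "okta.audience"
tv["cid"] = "client_id_1"
jv := jwtverifier.JwtVerifier{
	Issuer:           "issuer",
	ClaimsToValidate: tv,
}
// First attempt: verify against the first application's client ID.
tokenDecoded, err := jv.New().VerifyAccessToken(tokenStr)
if err != nil {
	// Second attempt: repeat the whole verification with the other client ID.
	tv["cid"] = "client_id_2"
	jv = jwtverifier.JwtVerifier{
		Issuer:           "issuer",
		ClaimsToValidate: tv,
	}
	tokenDecoded, err = jv.New().VerifyAccessToken(tokenStr)
}
```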
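
One way to avoid the second verification pass described in the question, shown as an added example (not the asker's code and not part of the Okta library): verify the token once with only `aud` in `ClaimsToValidate`, then match the `cid` claim against an allow-list. `VerifyFunc`, `stubVerify`, the token strings and the application labels are hypothetical and constructed so the block runs offline.

```go
package main

import (
	"errors"
	"fmt"
)

// Allow-list of cid values mapped to a label for the calling application.
// The IDs are the placeholders from the question; the labels are made up.
var allowedClients = map[string]string{"client_id_1": "app-one", "client_id_2": "app-two"}
var ErrClientNotAllowed = errors.New("client not allowed")

// VerifyFunc is a hypothetical seam. In the real API it would wrap a single
// VerifyAccessToken call (no "cid" in ClaimsToValidate) and return the token's Claims map.
type VerifyFunc func(tokenStr string) (map[string]interface{}, error)

// Authorize verifies the token exactly once, then matches cid against the allow-list.
func Authorize(verify VerifyFunc, tokenStr string) (string, error) {
	claims, err := verify(tokenStr)
	if err != nil {
		return "", fmt.Errorf("token rejected: %w", err)
	}
	cid, ok := claims["cid"].(string)
	if !ok {
		return "", fmt.Errorf("%w: cid claim missing or not a string", ErrClientNotAllowed)
	}
	app, ok := allowedClients[cid]
	if !ok {
		return "", fmt.Errorf("%w: cid %q", ErrClientNotAllowed, cid)
	}
	return app, nil
}

// stubVerify stands in for the real verifier and returns constructed claims.
func stubVerify(tokenStr string) (map[string]interface{}, error) {
	cid, ok := map[string]string{"t1": "client_id_1", "t2": "client_id_2", "t3": "client_id_3"}[tokenStr]
	if !ok {
		return nil, errors.New("signature verification failed")
	}
	return map[string]interface{}{"aud": "okta.audience", "cid": cid}, nil
}

func main() {
	for _, t := range []string{"t1", "t2", "t3", "garbage"} {
		app, err := Authorize(stubVerify, t)
		fmt.Printf("%-8s app=%q err=%v\n", t, app, err)
	}
}
```

A token that fails verification and a valid token from an unknown client produce different errors, so the API can answer 401 for the first and 403 for the second.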