
First things first, I'm not very experienced in OAuth2 and OIDC.

I got the following architecture

To sum that picture up: I want to be able to log in to an Application through my Angular App, which has a Spring Boot Backend in between. The Application already supports SSO via OAuth2 and OIDC.

My initial try would be to get the ID token in an Angular App. With that token I want to get through my Backend to the Application, which will authenticate the user.

Am I going in the right direction? If so, what's the minimum config I have to set in my Angular app in order to get the ID token? For the Application, I already got the client id and client secret, which works perfectly fine.

Slowmo
  • Your question might be a bit too broad for Stack Overflow's Q&A format. Some general pointers include that you should check out Implicit and AuthCode+PKCE flows, as a "client secret" is usually out of the question for Angular (SPA) applications. - Also, given your picture, you might have a "Backend-For-Frontend" architecture where you don't necessarily need bearer tokens, and could try to rely on session cookies instead. – Jeroen Apr 26 '20 at 15:32

1 Answer

So the way I solved this was to request the whole token including the claims at my Angular frontend via oauth2-oidc implicit flow. I then attached the required information in the authorization header as bearer token and got it working.

Slowmo
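The claim checks a browser client applies to an ID token received through the implicit flow before attaching it as a Bearer token, as an added example that is not part of the original answer. The issuer URL, client id, nonce and the sample token are constructed values, and signature verification against the issuer's keys is assumed to be done by the OIDC library and is not shown.

```javascript
// Added example: claim checks on an OIDC ID token before it is sent as a Bearer token.
// Signature verification against the issuer's keys is assumed to happen elsewhere.
function b64urlDecode(segment) {
  const b64 = segment.replace(/-/g, '+').replace(/_/g, '/');
  const padded = b64 + '='.repeat((4 - (b64.length % 4)) % 4);
  const bytes = Uint8Array.from(atob(padded), (c) => c.charCodeAt(0));
  return new TextDecoder().decode(bytes);
}

// expected = { issuer, clientId, nonce }; nowSeconds = current Unix time in seconds.
function checkIdTokenClaims(token, expected, nowSeconds) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, errors: ['not a compact JWT'] };
  let claims;
  try {
    claims = JSON.parse(b64urlDecode(parts[1]));
  } catch (e) {
    return { ok: false, errors: ['payload is not valid JSON'] };
  }
  const errors = [];
  if (claims.iss !== expected.issuer) errors.push('iss mismatch');
  const aud = Array.isArray(claims.aud) ? claims.aud : [claims.aud];
  if (!aud.includes(expected.clientId)) errors.push('aud does not contain client id');
  if (typeof claims.exp !== 'number' || claims.exp <= nowSeconds) errors.push('token expired');
  // The implicit flow requires a nonce that matches the one sent in the request.
  if (!expected.nonce || claims.nonce !== expected.nonce) errors.push('nonce mismatch');
  return { ok: errors.length === 0, errors, claims };
}

function bearerHeader(token) {
  return { Authorization: 'Bearer ' + token };
}

// Constructed sample token: real header/payload encoding, placeholder signature.
function makeSampleToken(claims) {
  const enc = (obj) =>
    btoa(JSON.stringify(obj)).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return enc({ alg: 'RS256', typ: 'JWT' }) + '.' + enc(claims) + '.constructed-signature';
}

// Constructed values, not taken from the original post.
const EXPECTED = { issuer: 'https://idp.example.test', clientId: 'angular-spa', nonce: 'n-constructed-123' };
const SAMPLE_CLAIMS = { iss: EXPECTED.issuer, aud: 'angular-spa', sub: 'user-1',
  exp: 2000000000, nonce: EXPECTED.nonce };
const sampleToken = makeSampleToken(SAMPLE_CLAIMS);
const sampleResult = checkIdTokenClaims(sampleToken, EXPECTED, 1700000000);
console.log(sampleResult.ok ? bearerHeader(sampleToken) : sampleResult.errors);
```
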