I didn't make such decisions with implicit flow (I know it's not so good to use it), but I currently have a situation where I have to validate my access token on the backend (Java 8). Is it okay, for every request with an access token, to additionally call the OIDC provider to check if the token is active (not revoked, with a valid lifetime), or is there a more appropriate way to handle it? Anyway, thanks.
Viewed 163 times
- Could you explain a bit more about your scenario? – mostlycryptic Apr 02 '22 at 07:09
- The Angular (12) application makes an authorize call to the OIDC provider; after successful authentication, the Angular app has an access token and an ID token. It puts the access token in an HTTP interceptor, in the Authorization Bearer header of every request. When the backend gets such an access token in the Authorization header, what is the best approach to validate this access token? – Alex09 Apr 02 '22 at 08:06
- Alex, have you found a method? – Chandhan Narayanareddy Apr 28 '22 at 12:44