How to verify IdP ( identity Provider) token at resource server in Single sign-on flow using JWT for cross domain

Question

I am trying to develop a Single Sign On (SSO) using JWT for cross domain apps.

After looking into few solution and threads i decided to go with following : Single sign-on flow using JWT for cross domain authentication

But i am not sure about, how to verify the IdP token at resource server ?

should both IdP and resource servers have an access to the same datasource?

Also, is it necessary to use unique resources token for each apps ?

score 1 · Accepted Answer · answered May 24 '22 at 06:47

The receiver of the access token only needs to verify its signature using the IdP's public key. If you have more complex needs, then the receiver could ask the IdP for more details, perhaps using the token introspection endpoint.

Each client authenticating against the IdP will get its own set of ID/access/refresh tokens.

How to verify IdP ( identity Provider) token at resource server in Single sign-on flow using JWT for cross domain

1 Answers1