-
Cheers, I'm currently running into the problem of figuring out the 'correct' way to handle a flow that allows:
Previously, this could be done with the SPA/"Backend for Frontend" approach, and I could just use on From what I can tell so far, I'd probably need to split it up to either have different vhosts or at least different Am I overlooking a more convenient way? The simplified workflow for this desired solution would be:
The authorization part can be done fairly securely with some nested |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
You can use mod_oauth2 to handle the bearer token with 2 issuers and use mod_auth_openidc for the OIDC flow by loading both modules and configuring |
Beta Was this translation helpful? Give feedback.
You can use mod_oauth2 to handle the bearer token with 2 issuers and use mod_auth_openidc for the OIDC flow by loading both modules and configuring
AuthType auth-openidc
; both modules will handle this AuthType. Just be aware that you'll need to useRequire oauth2_claim
for access control with mod_oauth2 soRequireAny
is needed to applyRequire claim
in the same location.