Hi, looking for some advice on how I can implement the following pattern.
I have a user-facing web app built using ASP.NET Core MVC. This app is responsible for performing authentication using the authorization code flow (which presumably returns a cookie to the browser?). I have another RESTful API service that I will often need to fetch data from when users interact with the frontend app; this will also require authentication/authorization.
Am I correct in assuming I can simply take the id/access token that was issued as part of the initial authentication and propagate that to other backend API services? If so, what’s the best way of accessing the user’s tokens after they have authenticated? Do I need to extract it from the cookie or is there an easier way? It seems like an extremely common use case but I haven’t been able to find much information online.
Also, should I propagate both the id_token AND the access_token, or is just the access_token sufficient?
Any help would be most welcome!
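
One way to wire up the pattern asked about above, as an added example that is not part of the original post: the OpenID Connect handler stores the tokens in the authentication cookie (`SaveTokens`), and a delegating handler reads the access token back with `GetTokenAsync` and forwards only that token to the API, since the ID token is meant for the client app itself. The authority URL, client id, scope name, configuration key, API address and the `BearerTokenHandler` class are assumptions.

```csharp
// Program.cs, ASP.NET Core 6+ (needs the Microsoft.AspNetCore.Authentication.OpenIdConnect package)
using System.Net.Http.Headers;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;

var builder = WebApplication.CreateBuilder(args);
builder.Services.AddControllersWithViews();
builder.Services.AddHttpContextAccessor();
builder.Services.AddAuthentication(o =>
    {
        o.DefaultScheme = CookieAuthenticationDefaults.AuthenticationScheme;
        o.DefaultChallengeScheme = OpenIdConnectDefaults.AuthenticationScheme;
    })
    .AddCookie()
    .AddOpenIdConnect(o =>
    {
        o.Authority = "https://idp.example.com";                     // placeholder issuer
        o.ClientId = "mvc-frontend";                                 // placeholder client id
        o.ClientSecret = builder.Configuration["Oidc:ClientSecret"]; // hypothetical config key
        o.ResponseType = "code";                                     // authorization code flow
        o.Scope.Add("orders.read");                                  // placeholder API scope
        o.SaveTokens = true;  // keep id/access/refresh tokens in the encrypted auth cookie
    });
builder.Services.AddTransient<BearerTokenHandler>();
builder.Services.AddHttpClient("backend", c => c.BaseAddress = new Uri("https://api.example.com/"))
    .AddHttpMessageHandler<BearerTokenHandler>();

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();
app.MapDefaultControllerRoute();
app.Run();

// Hypothetical helper: attaches the signed-in user's access token to outgoing API calls.
public class BearerTokenHandler : DelegatingHandler
{
    private readonly IHttpContextAccessor _accessor;
    public BearerTokenHandler(IHttpContextAccessor accessor) => _accessor = accessor;

    protected override async Task<HttpResponseMessage> SendAsync(
        HttpRequestMessage request, CancellationToken ct)
    {
        var ctx = _accessor.HttpContext;
        // Reads the token saved at sign-in; null when there is no authenticated session.
        var token = ctx is null ? null : await ctx.GetTokenAsync("access_token");
        if (string.IsNullOrEmpty(token))
            throw new InvalidOperationException("No access token in the current session.");
        request.Headers.Authorization = new AuthenticationHeaderValue("Bearer", token);
        return await base.SendAsync(request, ct);
    }
}
```

A controller then injects `IHttpClientFactory` and calls `CreateClient("backend")`; the API side validates the bearer token's issuer, audience and scope on every request rather than trusting the frontend.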