We are developing an Angular SPA that relies on a bunch of our own .NET microservices to retrieve data and provide functionality.
We also have a dedicated authorization service for the SPA and each microservice.
I have managed to implement logging in with Okta using implicit flow and default AuthZ, but I am struggling to get access tokens from other AuthZ servers using the same approach (implicit flow). Unfortunately, I could not find any guidelines for multi-AuthZ architectures.
I read about machine-to-machine auth flow, but I assume this is not an appropriate option, because Okta client secret would be stored on user’s side.
Could you please provide hints on how to get access token from other AuthZ servers while being logged-in with the default one?
Thanks in advance