I’m working on a new application where we own the front end and backend. I’ve created the Okta config using SPA with the authorization code with PKCE grant flow for the front end and the client credentials flow for the backend (Java), both OIDC.
Once I get the ID token and access token in React using the SDK, how do I authorize the JWT token?
Do I need to use AWS Gateway to authorize it, or can it be done in the backend using any server-side language like Java?
We have multiple consumers who will use our backend along with us, so I want to know what the correct way to approach this scenario is.
Typically, your backend would accept the user’s Access Tokens as bearer auth in the request headers and validate it server-side. Highly recommend that if you have multiple OIDC clients sending tokens to this same resource server that they share an authorization server (will make the validation simpler that way).
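As an added example (not from the original thread or from Okta), here is what that server-side validation looks like in a Java resource server using the Nimbus JOSE+JWT library (assumed at a version that provides `JWKSourceBuilder`, 9.27 or later). It assumes the Okta authorization server publishes its signing keys at `{issuer}/v1/keys` and that the resource server knows its own `issuer` and `audience` values from the Okta authorization server settings; the class and method names are the example's own.

```java
import com.nimbusds.jose.JOSEException;
import com.nimbusds.jose.JWSAlgorithm;
import com.nimbusds.jose.jwk.source.JWKSource;
import com.nimbusds.jose.jwk.source.JWKSourceBuilder;
import com.nimbusds.jose.proc.BadJOSEException;
import com.nimbusds.jose.proc.JWSVerificationKeySelector;
import com.nimbusds.jose.proc.SecurityContext;
import com.nimbusds.jwt.JWTClaimsSet;
import com.nimbusds.jwt.proc.ConfigurableJWTProcessor;
import com.nimbusds.jwt.proc.DefaultJWTClaimsVerifier;
import com.nimbusds.jwt.proc.DefaultJWTProcessor;

import java.net.MalformedURLException;
import java.net.URL;
import java.text.ParseException;
import java.util.Set;

/**
 * Validates access tokens presented as "Authorization: Bearer ..." to a resource server.
 * Example class (not Okta's SDK): one instance per authorization server you trust.
 */
public final class AccessTokenValidator {

    private final ConfigurableJWTProcessor<SecurityContext> processor;

    /**
     * @param issuer   the Okta authorization server issuer, e.g. https://{yourOktaDomain}/oauth2/default (placeholder)
     * @param audience the audience configured on that authorization server for this API
     */
    public AccessTokenValidator(String issuer, String audience) throws MalformedURLException {
        // Assumption: the authorization server's JWKS is served at {issuer}/v1/keys.
        // JWKSourceBuilder caches the key set and re-fetches on an unknown "kid",
        // so key rotation by the authorization server is handled without redeploying.
        JWKSource<SecurityContext> keySource =
                JWKSourceBuilder.create(new URL(issuer + "/v1/keys")).build();

        processor = new DefaultJWTProcessor<>();
        // Accept only RS256 signatures made with a key from that JWKS: this rejects
        // "alg":"none", HMAC-signed tokens and tokens signed by any other key material.
        processor.setJWSKeySelector(
                new JWSVerificationKeySelector<>(JWSAlgorithm.RS256, keySource));
        // Pin the audience and issuer (exact match) and require the core claims to be present.
        // "exp"/"nbf" are checked by the verifier against the current time with a small skew allowance.
        processor.setJWTClaimsSetVerifier(new DefaultJWTClaimsVerifier<>(
                audience,
                new JWTClaimsSet.Builder().issuer(issuer).build(),
                Set.of("sub", "iat", "exp")));
    }

    /** Returns the verified claims, or throws if signature, issuer, audience or expiry fail. */
    public JWTClaimsSet validate(String token)
            throws ParseException, BadJOSEException, JOSEException {
        return processor.process(token, null);
    }

    /** Pulls the token out of an Authorization header value; null if it is not a bearer token. */
    public static String extractBearer(String authorizationHeader) {
        if (authorizationHeader == null) {
            return null;
        }
        String prefix = "Bearer ";
        if (!authorizationHeader.regionMatches(true, 0, prefix, 0, prefix.length())) {
            return null;
        }
        String token = authorizationHeader.substring(prefix.length()).trim();
        return token.isEmpty() ? null : token;
    }
}
```

In a request filter you would call `extractBearer` on the header, pass the result to `validate`, and return 401 on any exception; the returned claims (`sub`, the scopes, and for client-credentials callers the client id) then drive the authorization decision. This is why the advice above about a shared authorization server matters: every consumer's token is then signed by one key set and carries the same `iss` and `aud`, so a single validator configuration covers the SPA's PKCE tokens and the other backends' client-credentials tokens alike, and a token minted by any other authorization server fails the issuer check rather than being silently accepted. Validate the access token, not the ID token; the ID token is meant for the React client, and its audience is the SPA's client id rather than your API.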