Hello everyone, I'm trying to research and investigate the authentication process with Okta for a set of services.
Currently I have a set of services (some backends and some frontends) which act as the same site.
We have separate auth apps (NodeJS + ReactJS) for handling auth processes. When a user successfully logs in, the backend returns a JWT token, which is stored in a cookie (on the main domain level);
then the user is able to reach our other ReactJS frontends (each of them works with their APIs).
The frontend sends the accessToken to the API, and the NodeJS APIs only validate the token.
Now, I want to replace auth with Okta (with the Okta login page as the first step).
One possible way: create separate Okta applications for each React application. Then our NodeJS API will work as before - only validating tokens. The problem here: I would have to describe the OktaAuth settings for each frontend app.
What is the right way to get an access/idToken for a set of apps, and refresh them, without duplication?
Thanks for any answers or ideas!