I have an environment today with one application that is going to use the OKTA login process. BUT BUT in the near future I will have more applications that are going to use this service.
Java application: on the application server it is not Spring, on the gateway server it will be Spring (thank god).
Because of this I don't want to put the configuration in this application server, because if I do this, in the future I will need to replicate the code to all the other applications.
So, my idea is to create what I call an internal OKTA Gateway Server.
The internal applications will contact this server and only know this server,
and this server will be the only one to contact what I call the OKTA External Official Server.
This server is going to be responsible for contacting the OKTA External Official Server to validate, create the tokens, etc.
My two questions are:
Is this possible?
And better, is this a good idea?
What do you guys think about it?
I made a drawing showing my idea.