From: Krzysztof B. <kb...@un...> - 2017-12-15 12:18:22
On 15.12.2017 at 10:59, Sander Apweiler wrote:
> Hi Krzysztof,
>
> I have a question about OAuth token validation. Let me describe the
> situation first:
>
> We have two services (a and b) which are connected to Unity. Both
> services have their own OAuth client. Unity does the authentication for
> both services. Service b must query information from service a.
> Service a talks only to authenticated "users". Service b requests an
> access token from Unity with its own OAuth client and sends the token to
> service b.
>
> Is service a allowed to validate the token by Unity and request user
> information? Or is it not possible because the token was generated for
> another client?

Yes, it is. a should, however, check if the presented token was intended for b.

Cheers,
Krzysztof
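The check recommended in the reply, as an added example that is not part of the original message or of Unity's code: service a inspects the token validation result and accepts the call only if the token was issued to a client it expects. It assumes the response uses RFC 7662 introspection field names (`active`, `client_id`, `scope`, `exp`, `sub`); the client id `service-b`, the scope `profile` and the sample responses are constructed for illustration.

```python
import time

# Assumption: service a accepts only tokens issued to these OAuth clients.
ALLOWED_CLIENTS = {"service-b"}  # hypothetical client_id of service b
REQUIRED_SCOPE = "profile"       # hypothetical scope service a requires


def check_token(info, allowed_clients=ALLOWED_CLIENTS,
                required_scope=REQUIRED_SCOPE, now=None):
    """Decide whether a token validation result authorizes a call to service a.

    `info` is the parsed JSON returned by the authorization server for the
    presented token (RFC 7662 field names assumed). Returns (accepted, reason).
    """
    now = time.time() if now is None else now
    if not isinstance(info, dict) or info.get("active") is not True:
        return False, "token not active"
    exp = info.get("exp")
    if isinstance(exp, bool) or not isinstance(exp, (int, float)) or exp <= now:
        return False, "token expired or exp missing"
    # The check from the reply: which client was this token issued to?
    client = info.get("client_id")
    if not isinstance(client, str) or client not in allowed_clients:
        return False, "token issued to unexpected client"
    # Scope may arrive as a space-separated string or as a JSON array.
    scope = info.get("scope")
    scopes = scope.split() if isinstance(scope, str) else (
        scope if isinstance(scope, list) else [])
    if required_scope not in scopes:
        return False, "required scope missing"
    if not info.get("sub"):
        return False, "no subject in token"
    return True, "ok"


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "from_b": {"active": True, "client_id": "service-b", "sub": "user-1",
               "scope": "profile email", "exp": 2000},
    "other_client": {"active": True, "client_id": "some-other-app",
                     "sub": "user-1", "scope": "profile", "exp": 2000},
    "revoked": {"active": False},
}

if __name__ == "__main__":
    for name, info in SAMPLES.items():
        print(name, check_token(info, now=1000))
```

Without the `client_id` comparison, a token obtained by any other client registered at the same authorization server would pass validation and be accepted by service a.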