dotnet run
cd ClientApp
npm install
npm start
pass: Rosen2019!
We have 4 applications. Each one has its own service (including backend and frontend) and an identity provider (IdP).
The BE of an app understands only tokens issued by its own IdP. For example, Starbucks's BE can only understand tokens issued by Starbucks's IdP.
Question: how can we log in to Starbucks, Highland and Highland B2C using Coffee's user credentials?
The BE and FE of all 4 apps are left untouched. The IdPs are set up as follows:
- For SAML:
  - Coffee acts as SAML Identity Provider using Auth0
  - Starbucks and Highland act as SAML Service Providers using Auth0
- For OIDC: in Highland B2C (Azure AD B2C), we configure an OIDC connection using Coffee (Auth0)'s client id, client secret, and some other information.
Result: When a user logs in to a service using Coffee's user credentials, Coffee will generate a token whose issuer is the service's own IdP.
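
Why the issuer matters, as an added example that is not this project's code: a BE that pins one IdP rejects a token taken straight from Coffee, but accepts the token its own IdP mints after checking Coffee's assertion. Assumptions: the issuer URLs, keys and function names are constructed, the upstream assertion is modelled as a JWT (for SAML it would be signed XML), and the service IdP is assumed to re-sign after validating.

```javascript
const crypto = require('crypto');
const b64u = (x) => Buffer.from(x).toString('base64url');
const nowSec = () => Math.floor(Date.now() / 1000);

// Constructed IdP: an issuer URL plus its own RSA signing key pair.
function makeIdp(issuer) {
  return { issuer, ...crypto.generateKeyPairSync('rsa', { modulusLength: 2048 }) };
}

// IdP side: issue an RS256-signed JWT valid for five minutes.
function issueToken(idp, sub, aud) {
  const head = b64u(JSON.stringify({ alg: 'RS256', typ: 'JWT' }));
  const body = b64u(JSON.stringify({ iss: idp.issuer, sub, aud, exp: nowSec() + 300 }));
  const sig = crypto.sign('sha256', Buffer.from(`${head}.${body}`), idp.privateKey);
  return `${head}.${body}.${b64u(sig)}`;
}

// Relying side: accept only tokens signed by, and naming, the one trusted IdP.
function validateToken(token, trusted, audience) {
  const [head, body, sig, extra] = token.split('.');
  if (!sig || extra !== undefined) return { ok: false, reason: 'malformed' };
  let header, claims;
  try {
    header = JSON.parse(Buffer.from(head, 'base64url').toString());
    claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  } catch (e) {
    return { ok: false, reason: 'malformed' };
  }
  if (!header || !claims) return { ok: false, reason: 'malformed' };
  if (header.alg !== 'RS256') return { ok: false, reason: 'alg' };
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify('sha256', signed, trusted.publicKey, Buffer.from(sig, 'base64url')))
    return { ok: false, reason: 'signature' };
  if (claims.iss !== trusted.issuer) return { ok: false, reason: 'issuer' };
  if (claims.aud !== audience) return { ok: false, reason: 'audience' };
  if (!(claims.exp > nowSec())) return { ok: false, reason: 'expired' };
  return { ok: true, claims };
}

// Service IdP: check the upstream (Coffee) assertion, then mint its own token.
function federatedLogin(upstream, serviceIdp, apiAudience, user) {
  const assertion = issueToken(upstream, user, serviceIdp.issuer);
  const checked = validateToken(assertion, upstream, serviceIdp.issuer);
  if (!checked.ok) throw new Error(`upstream assertion rejected: ${checked.reason}`);
  return issueToken(serviceIdp, checked.claims.sub, apiAudience);
}
```

With `coffee` and `starbucks` created by `makeIdp`, a Coffee-issued token passed to `validateToken(token, starbucks, aud)` fails on the signature check, while the output of `federatedLogin(coffee, starbucks, aud, user)` passes.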