Here is the scenario:
I have a web app with some RESTful APIs, and the users use an IdP for SSO. I registered my web app (as well as many other 3rd-party web apps) with the IdP, and when users want to use my web app, I redirect them to the IdP's login page and do the normal SAML 2 flow to authenticate the user. This part has already been done. Once logged in, users can freely use any web app registered with the IdP. The next thing to do is to authorise some of these web apps (not all) to use my RESTful APIs.
Unlike the normal OAuth 2 grant flow, it is not the users who allow their 3rd-party web apps to use my APIs; instead, I want to control which 3rd-party web apps can use my APIs. Something like: the user requests that I grant a certain web app of theirs access to certain of my APIs. I am all ears for any other good suggestions.
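One way to model the arrangement described in the question, as an added example that is not part of the original post: the API provider keeps its own grant table of which registered client applications may use which of its APIs, clients obtain access tokens through an OAuth 2 client-credentials style issuance, and the issued token only ever carries scopes that the provider granted to that client. The client ids, secrets, scope names, the HMAC token format and the `CLIENT_GRANTS` table are all assumptions made for this illustration, not anything from the question or from a particular IdP.

```python
"""Added illustration: provider-controlled, per-client API authorisation.

The IdP still authenticates users (SAML). Which *client application* may
call which API is decided by the provider's own grant table below, not by
end-user consent at token time. Everything here is constructed sample data.
"""
import base64
import hashlib
import hmac
import json
import time

# Constructed signing key (assumption). A real deployment would use a managed
# secret or an asymmetric key pair (e.g. RS256-signed JWTs).
SIGNING_KEY = b"example-hs256-key-do-not-use"

# Provider-side grants: client_id -> API scopes that client may use. Entries are
# added when the provider approves a user's request for one of their apps.
CLIENT_GRANTS = {
    "partner-app-a": {"orders:read", "orders:write"},
    "partner-app-b": {"orders:read"},
}

# Client credentials (constructed). In practice clients authenticate with a
# client secret, private_key_jwt or mTLS; "partner-app-c" is registered at the
# IdP but has been granted nothing by the provider.
CLIENT_SECRETS = {
    "partner-app-a": "secret-a",
    "partner-app-b": "secret-b",
    "partner-app-c": "secret-c",
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))


def issue_token(client_id, client_secret, requested_scopes, now=None, ttl=300):
    """Authenticate the client, then intersect the requested scopes with the
    provider's grant for that client. Returns (token, granted_scopes).
    Raises PermissionError for unknown/unauthenticated clients or when no
    requested scope is granted (nothing is silently escalated)."""
    now = int(time.time()) if now is None else now
    expected = CLIENT_SECRETS.get(client_id)
    if expected is None or not hmac.compare_digest(expected, client_secret):
        raise PermissionError("invalid client credentials")
    granted = set(requested_scopes) & CLIENT_GRANTS.get(client_id, set())
    if not granted:
        raise PermissionError("client not authorised for any requested scope")
    claims = {"sub": client_id, "scope": sorted(granted), "iat": now, "exp": now + ttl}
    payload = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64url(sig)}", granted


def verify_token(token, now=None):
    """Check the HMAC signature and expiry; return the claims or None."""
    now = int(time.time()) if now is None else now
    try:
        payload, sig = token.split(".")
        expected = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(payload))
    except (ValueError, TypeError):
        return None
    if claims.get("exp", 0) <= now:
        return None
    return claims


def authorise_call(token, required_scope, now=None):
    """API-side check: the bearer token must be valid, carry the scope this
    endpoint requires, and the grant table must still allow it, so revoking
    a client's grant takes effect before its outstanding tokens expire."""
    claims = verify_token(token, now)
    if claims is None or required_scope not in claims.get("scope", []):
        return False
    return required_scope in CLIENT_GRANTS.get(claims["sub"], set())


if __name__ == "__main__":
    tok, scopes = issue_token("partner-app-b", "secret-b", ["orders:read", "orders:write"])
    print("granted to partner-app-b:", sorted(scopes))
    print("GET  /orders allowed:", authorise_call(tok, "orders:read"))
    print("POST /orders allowed:", authorise_call(tok, "orders:write"))
```

The key design point is that the grant table lives with the API provider and is consulted twice: at issuance, to narrow the scopes a client can obtain, and at call time, so that a grant the provider withdraws stops working immediately rather than at token expiry. The same split works unchanged if the tokens are instead minted by the IdP, as long as the IdP's scope policy for each client is fed from the provider's grants.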
You could take a look at this spec, which provides more control over the distributed access tokens.