-
@livio-a @muhlemmer can you help here?
-
The RS needs to be registered at the OP. For introspection, authentication is required. The ResourceServer holds all config, including secrets, in order to perform introspection. If you have a single server serving multiple APIs, like a proxy, then indeed you need to create multiple ResourceServers, each with different credentials. However, if you are using something like zitadel, the API can be part of a project. It may be that multiple apps and APIs are part of the same project. In zitadel, projects can be added as audience. In that case a single ResourceServer instance could perform validation of all downstream services in the same project.
-
One Resource Server (RS) normally serves many external APIs; at the same time, it might have many client applications registered for those external APIs, i.e. via Client Credential Basic Authentication. Why should I have to start my RS particularly associated with a concrete client_id & client_secret? Should I run multiple RS instances for each registered client application?
For another real scenario, what if I have an API Gateway working as a central RS, protecting all upstream API application servers, just validating the Bearer access_token via the introspect endpoint before routing the API call to the backends (e.g. 3Scale API Gateway)? How can I integrate my API Gateway with various client applications and the single Authorization Server (e.g. the exampleop)?
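As an added illustration of the two points above (the RS needs its own credentials only to authenticate itself at the introspection endpoint, and one RS instance can then validate tokens for every downstream API whose name or project appears as an audience), here is a self-contained RFC 7662 introspection client written with plain net/http. It is example code written for this thread, not the zitadel/oidc library's ResourceServer API and not the exampleop; the OP is a constructed httptest stand-in, and the token names, client IDs, secret and audience values ("project-123", "orders-api", "billing-api") are all made up for the demo.

```go
package main

import (
	"context"
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/url"
	"strings"
)

// Audience accepts both JSON forms allowed for "aud": a single string or an array.
type Audience []string

func (a *Audience) UnmarshalJSON(b []byte) error {
	var one string
	if err := json.Unmarshal(b, &one); err == nil {
		*a = Audience{one}
		return nil
	}
	var many []string
	if err := json.Unmarshal(b, &many); err != nil {
		return err
	}
	*a = Audience(many)
	return nil
}

// IntrospectionResponse is the subset of RFC 7662 fields this example checks.
type IntrospectionResponse struct {
	Active   bool     `json:"active"`
	Audience Audience `json:"aud,omitempty"`
	Subject  string   `json:"sub,omitempty"`
}

// ResourceServer holds the one credential pair (constructed values in this example)
// with which the RS authenticates itself at the OP. Downstream APIs and the client
// applications calling them are not configured here; they only show up as aud/sub.
type ResourceServer struct {
	IntrospectURL string
	ClientID      string
	ClientSecret  string
	HTTP          *http.Client
}

// Introspect posts the bearer token to the OP using client_secret_basic and decodes the reply.
func (rs *ResourceServer) Introspect(ctx context.Context, token string) (*IntrospectionResponse, error) {
	form := url.Values{"token": {token}, "token_type_hint": {"access_token"}}
	req, err := http.NewRequestWithContext(ctx, http.MethodPost, rs.IntrospectURL, strings.NewReader(form.Encode()))
	if err != nil {
		return nil, err
	}
	req.Header.Set("Content-Type", "application/x-www-form-urlencoded")
	req.SetBasicAuth(rs.ClientID, rs.ClientSecret)
	resp, err := rs.HTTP.Do(req)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return nil, fmt.Errorf("introspection endpoint answered %s", resp.Status)
	}
	var ir IntrospectionResponse
	if err := json.NewDecoder(resp.Body).Decode(&ir); err != nil {
		return nil, err
	}
	return &ir, nil
}

// Authorize is what a gateway would call per request: the token must be active and
// must carry the downstream API (or the project it belongs to) as an audience.
func (rs *ResourceServer) Authorize(ctx context.Context, token, api string) (*IntrospectionResponse, error) {
	ir, err := rs.Introspect(ctx, token)
	if err != nil {
		return nil, err
	}
	if !ir.Active {
		return nil, errors.New("token is not active")
	}
	for _, aud := range ir.Audience {
		if aud == api {
			return ir, nil
		}
	}
	return nil, fmt.Errorf("token was not issued for audience %q", api)
}

// NewFakeOP is a constructed stand-in for the OP's introspection endpoint so the example
// runs offline. It requires the RS credentials and knows two tokens, each issued for the
// shared project plus one specific API.
func NewFakeOP(rsID, rsSecret string) *httptest.Server {
	tokens := map[string]IntrospectionResponse{
		"tok-orders":  {Active: true, Audience: Audience{"project-123", "orders-api"}, Subject: "client-a"},
		"tok-billing": {Active: true, Audience: Audience{"project-123", "billing-api"}, Subject: "client-b"},
	}
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		id, secret, ok := r.BasicAuth()
		if !ok || id != rsID || secret != rsSecret {
			w.WriteHeader(http.StatusUnauthorized) // an unauthenticated RS gets no answer at all
			return
		}
		// RFC 7662: unknown or revoked tokens yield {"active": false}, not an HTTP error.
		ir := tokens[r.PostFormValue("token")]
		w.Header().Set("Content-Type", "application/json")
		json.NewEncoder(w).Encode(ir)
	}))
}

func main() {
	op := NewFakeOP("gateway-rs", "rs-secret")
	defer op.Close()
	rs := &ResourceServer{IntrospectURL: op.URL + "/oauth/introspect", ClientID: "gateway-rs", ClientSecret: "rs-secret", HTTP: op.Client()}
	for _, c := range []struct{ token, api string }{
		{"tok-orders", "orders-api"}, {"tok-billing", "billing-api"},
		{"tok-orders", "billing-api"}, {"revoked", "orders-api"},
	} {
		_, err := rs.Authorize(context.Background(), c.token, c.api)
		fmt.Printf("%-11s -> %-11s : %v\n", c.token, c.api, err)
	}
}
```

The single `ResourceServer` value is reused for every upstream; routing a request to `orders-api` versus `billing-api` only changes the audience passed to `Authorize`, and a token for the whole project passes for either. The RS credentials are never those of a client application; they exist so the OP can tell which RS is asking, which is also why a wrong secret yields a 401 rather than a token verdict.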