Tau Liang

questions on service to service authentication

Hi, I'm creating a design for authentication between a bunch of backend services. E.g., I have services A, B, C, all of them require an access token from Okta.

1) Apps go through Okta authentication, get an access token, and call A, B, or C. This is pretty straightforward.

2) Behind the scenes, services A, B, and C also talk to each other. How do I design it in such a way that A can talk to B all the time with proper authentication, while at the same time, A and B don't have to bug Okta all the time?

One thing I found is refreshing access tokens.

https://developer.okta.com/authentication-guide/tokens/refreshing-tokens
The workflow described in the link above makes a lot of sense. I do have a couple of detailed questions:

1) Is it possible to create a service account (just like a user but tied to a service) to get a refresh token? If yes, how can that be done?

2) What are the best practices around caching/storing the long-lived refresh token locally (to a service like A or B)?

Thanks,
Tau Liang

The workflow seems to fall into the category of "Service Application" in the link below

https://developer.okta.com/standards/OAuth/#access-token

However, that section pointed to some external RFC but lacked details.
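
The following is an added example, not part of the original thread and not Okta's code: one way for service A to avoid contacting the issuer on every call to B is to keep the access token in memory and fetch a new one only shortly before it expires, or after B rejects it. The class name, the `fetch_token` callable (a stand-in for the real token endpoint request), the 3600-second lifetime and the 60-second skew are all assumptions; the scenario in `simulate()` is constructed.

```python
import threading
import time


class CachedTokenSource:
    """Hypothetical helper: reuses one access token until shortly before expiry."""

    def __init__(self, fetch_token, clock=time.monotonic, skew_seconds=60):
        # fetch_token: callable returning (access_token, expires_in_seconds).
        self._fetch_token = fetch_token
        self._clock = clock
        self._skew = skew_seconds      # renew early so in-flight calls stay valid
        self._lock = threading.Lock()  # one renewal at a time across threads
        self._token = None
        self._expires_at = 0.0

    def get(self):
        with self._lock:
            stale = self._clock() >= self._expires_at - self._skew
            if self._token is None or stale:
                token, expires_in = self._fetch_token()
                self._token = token
                self._expires_at = self._clock() + expires_in
            return self._token

    def invalidate(self):
        """Call when the downstream service answers 401, forcing a fresh fetch."""
        with self._lock:
            self._token = None


def simulate():
    """Constructed scenario: service A calls B at several times on a fake clock."""
    now = [0.0]
    issued = []  # times at which the issuer was actually contacted

    def fake_fetch():  # stands in for the token endpoint round trip
        issued.append(now[0])
        return f"token-{len(issued)}", 3600

    source = CachedTokenSource(fake_fetch, clock=lambda: now[0])
    seen = []
    for t in (0, 10, 1800, 3500, 3545, 3600, 7000):
        now[0] = float(t)
        seen.append(source.get())
    source.invalidate()  # e.g. B returned 401 because the token was revoked
    seen.append(source.get())
    return seen, issued
```

Eight outbound calls in the simulation result in three issuer round trips: the initial fetch, one early renewal, and one forced by `invalidate()`.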