OpenID Connect Federation - Trust issues ! Skip to main content
https://support.okta.com/help/answers?id=9062a000000xzi4qag&refurl=http%3a%2f%2fsupport.okta.com%2fhelp%2fanswers
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
1
2
3
4
5
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Ask Search:
Niall McLoughlinNiall McLoughlin 

OpenID Connect Federation - Trust issues !

I've been looking at OpenID Connect and the associated scopes and authentication flows. I understand how that hangs together in getting access tokens and id tokens back into a client which can use them to make authenticated requests to a resource provider.

I've also seen documentation that OpenID Connect is also suitable for federation, but I'm missing something. Trust. Using another federation protocol, SAML, there is an exchange of static configuration data out of band in order to establish trust between the Idp and SP. I've been trying to find an API that supports OpenID Connect with a third party IdP such as Okta performing the authentication.

The use case I'm considering is a native app or SPA ( single page app ) that leverages Okta for authentication via OpenID Connect. Goes through the authentication flows ( implicit ) and recieves and access token and id token. It can then pass them to the resource provider API to make authenticated requests except..........the resource provider has no idea who Okta is that issued the access token or who the subject 'sub' is that has been passed down with the id token.

Let's say the native app uses two or more resource provider APIs. Or 10. I understand how to achieve this in SAML with web apps. Does anyone have any concrete examples of how this is implemented, or is federated OpenId Connect just a standards document at the minute ?  
Stefan PescaruStefan Pescaru (Okta, Inc.)
Hello Niall,

Here you can find useful information on how to configure OIDC for native apps:
https://help.okta.com/en/prod/Content/Topics/Apps/Apps_App_Integration_Wizard.htm

Also, these are the links to appAuth OIDC:
https://github.com/oktadeveloper/okta-openidconnect-appauth-android
https://github.com/oktadeveloper/okta-openidconnect-appauth-ios

If you find this information not to provide a complete answer to your question, please ope a support ticket with us and we will gladly assist in gathering all the information you need.

Thank you.