OAuth Integration with Chat Service #513
If a user is logged into my main application and begins a text chat with our chat service. At some point that user wants the chat service to perform a task on their behalf. I want the chat service to utilize Identity Server to perform the authorization needed for the service to get the proper token which can access our back-end API on behalf of the user.

I would think IS could handle this. I would create a client with the proper scope and settings. But, then, what pattern would I follow after that to get the service to authenticate, exchange a code for an access token, or refresh a token? Is it the exact same, except no login, per se? Do I somehow skip the login and go straight to the code exchange? How do I do that?

Thanks for any suggestions for this - I do not want to custom code anything unless I absolutely have to.

Bill
Replies: 1 comment
Hi @billcunnien, we’d suggest using an “on-behalf-of” exchange, https://docs.duendesoftware.com/identityserver/tokens/extension-grants/#token-exchange-for-impersonation-and-delegation. The chat service would receive the user’s access token and exchange it for another access token specific to the target API. The chat service would then include the new access token in calls to the target API.

We have an example of Token Exchange in our samples linked from: https://docs.duendesoftware.com/identityserver/samples/tokens/#extension-grants-and-token-exchange.

If you would like to speak with someone about implementation specifics beyond a Q&A format, we can recommend our consultancy partners to help with that.
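The exchange described in the reply above, sketched from the chat service's side as an added example (not part of the original thread and not Duende's sample code). It follows RFC 8693 and assumes the IdentityServer has a token-exchange extension grant set up as the linked docs describe; the endpoint URL, client id, secret and scope a caller passes in are hypothetical.

```python
import json
import urllib.request
from base64 import b64encode
from urllib.parse import quote, urlencode

# Identifiers defined by RFC 8693 (OAuth 2.0 Token Exchange).
GRANT_TYPE = "urn:ietf:params:oauth:grant-type:token-exchange"
ACCESS_TOKEN_TYPE = "urn:ietf:params:oauth:token-type:access_token"

class TokenExchangeError(Exception):
    """The token endpoint refused the exchange or returned something unexpected."""

def build_exchange_request(token_endpoint, client_id, client_secret, user_token, scope):
    """Build (without sending) the POST that trades the user's token for an API token."""
    if not token_endpoint.startswith("https://"):
        raise ValueError("token endpoint must be https: the request carries two credentials")
    form = {
        "grant_type": GRANT_TYPE,
        "subject_token": user_token,  # the token the chat service received from the app
        "subject_token_type": ACCESS_TOKEN_TYPE,
        "scope": scope,  # only what the back-end call needs
    }
    # The chat service authenticates as itself (HTTP Basic, values form-encoded per RFC 6749).
    creds = f"{quote(client_id, safe='')}:{quote(client_secret, safe='')}".encode()
    headers = {"Authorization": "Basic " + b64encode(creds).decode(),
               "Content-Type": "application/x-www-form-urlencoded"}
    return urllib.request.Request(token_endpoint, data=urlencode(form).encode(),
                                  headers=headers, method="POST")

def parse_exchange_response(status, body, requested_scope):
    """Return the new access token, rejecting errors and over-broad grants."""
    payload = json.loads(body)
    if status != 200 or "error" in payload:
        raise TokenExchangeError(payload.get("error", f"http_{status}"))
    if payload.get("issued_token_type") != ACCESS_TOKEN_TYPE:
        raise TokenExchangeError("unexpected issued_token_type")
    if str(payload.get("token_type", "")).lower() != "bearer" or not payload.get("access_token"):
        raise TokenExchangeError("no bearer access token in response")
    # "scope" may be omitted when it equals what was requested (RFC 6749, section 5.1).
    granted = set(payload.get("scope", requested_scope).split())
    if not granted <= set(requested_scope.split()):
        raise TokenExchangeError("granted scope is broader than requested")
    return payload["access_token"]

# To send: urllib.request.urlopen(request), then pass the response's status and body
# to parse_exchange_response().
```

No browser redirect or login step is involved: the user's existing access token is the proof of who the request is for, and the chat service's own client credentials identify who is acting.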