FusionAuth
    • Home
    • Categories
    • Recent
    • Popular
    • Pricing
    • Contact us
    • Docs
    • Login
    1. Home
    2. marcos.muller
    M
    • Profile
    • Following 0
    • Followers 0
    • Topics 2
    • Posts 2
    • Best 0
    • Controversial 0
    • Groups 0

    Miler

    @marcos.muller

    0
    Reputation
    1
    Profile views
    2
    Posts
    0
    Followers
    0
    Following
    Joined Last Online
    Location Brasil
    marcos.muller Unfollow Follow

    Latest posts made by marcos.muller

    • The correct process using Fusion Auth, to make our API C accept tokens from both App A and App B without creating security issues

      1. When App A login an user, it receives a JWT token with the audience being AppA and

      2. When App B login an user, it receives a JWT token with the audience being AppB.

      3. The API is not part of App A nor App B, meaning, it has its own audience, let's imagine here, ApiC. The only way we managed to get this working today is setting up Api C to ignore the validation of the audience OR have a way to define which audiences are valid for the API.

      QUESTION
      What is the correct process using Fusion Auth, to make our API C accept tokens from both App A and App B without creating security issues?

      posted in Q&A ques
      M
      marcos.muller