Hi, I’ve currently set up a trial of tyk as a POC for our organization.
I read about TIB and how it can enable SSO access to the dashboard and/or the developer portal, but I'm confused about how to configure it to authenticate users who try to access our Tyk-managed APIs.
Let me explain the flow:
- The user accesses one of the Tyk-managed APIs.
- The API is configured to be secured by OpenID Connect, so it redirects the user to TIB to be authenticated.
- TIB is configured to authenticate users via our existing OpenID Connect server (PingFederate in our case), so it redirects the user to Ping.
- Ping authenticates the user and redirects him back to TIB with an authorization code.
- TIB makes a request to Ping with the given authorization code and its configured client ID and secret, and receives the access token.
- TIB returns the access token to the Tyk gateway, which then uses the access token to identify the user and apply any matching policies to him.
- Not sure how, but somehow the access token needs to be passed to the API itself to perform authorization.
Basically I'm talking about the authorization code flow of OpenID Connect, where TIB is a mediator between the Tyk gateway and our existing OpenID server.
I've seen how to configure this similar flow for dashboard login, but it is not clear what is required for the API.
I hope I've explained myself well, thanks!