Re: generate auth code

supriyokumar274 · 12-01-2021 04:03 AM

i am developing one proxy for generating auth code how to validate whether login is correct or not so that generation auth code will be made

dchiesa1

how to validate whether login is correct or not so that generation auth code will be made

For sure, we are going to need more context from you, before providing a useful answer.

supriyokumar274

Actually azure will call the auth code flow to generate auth code i want to validate that its actually coming from correct source

dchiesa1

I cannot help you.

Denis_KALITVI

to make sure this works, you have to implement extra logic in your proxy that generates the code, e.g. you have to include one more proof of authorization before generating the code:

1. get the one time token that makes sure that system that asked for auth code really can do that

2. query (before generating the code) the system who gave this token

3. generate the code

you can do more conditions for generating the code, use the policies for that (condition can be incoming IP address, mtls authentication, extra token (like JWT) so system who asks for code, can prove that this is the actual system. Like Dino wrote, we don't have context on your case, so we cannot much help