I have implemented IDP authentication flow for AuthHub portal. The response idpData (stored in session storage), is missing some pieces of data we may typically expect from a response. Below is an example of idpData from a successful Auth:
On our spring boot service, we have a proxy for factor credential submissions. This proxy will submit the credentials as normal. If the response contains AUTH_ALLOWED and an Id Token, then we will request a user access token which is returned to the front end. Is there any way to achieve something similar with the current implementation?
Release : 2.1.3
When processing a request, the response from Auth Hub( AH ) always includes "x-transaction-id" response header that AH clients can track for their own reasons. A client invoking AH API can indicate its correlation id by sending "x-client-transaction-id" http request header that AH will log.
The ID Token (OIDC IT) is issued by AH to represent the final authenticated identity and containing the "sid" (session id) that could be used for revoking if session tracking setting was enabled. That ID Token can be encrypted if required for confidentiality (controlled by client's app configuration).
There is no obligation on the client side to do anything with that IT, though most clients (or client agents aka client proxies) that need self service keep track of that IT to request AH ATs (via JWT-BEARER grant) to invoke user self service APIs.
So your proxy should be able to exchange IT for AT, with or without refresh token, and then keep using that IT or refresh token to re-request ATs as needed.