My users use a mobile app. This mobile app interacts with an API, and some API functions need to call other APIs. All my APIs require authorization. Should I take the BearerToken and forward it to the other APIs, or is there another way to do that?
You have several options. You need to use a delegation pattern to get a valid token to your backend.
You can forward the token from one API to another, which makes you reuse a token in both APIs; or, what is the same, both APIs share audience and scopes. This is not a good practice, since you step outside the specification.
Or you can extend your grants by implementing a delegation grant on your IdP, where the first API that has the token exchanges it for another token with a different audience but with all the user information. You can see an example in the IdentityServer4 documentation.
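Added example (not part of the answer above and not IdentityServer4 code): a self-contained simulation of the two options, showing that a forwarded token fails the second API's audience check, while a token obtained through a delegation exchange passes with the same subject. The names `issue`, `validate` and `delegation_grant`, the `api1`/`api2` audiences and the HS256 demo key are assumptions standing in for a real IdP's signing key and token endpoint.

```python
import base64, hashlib, hmac, json, time

IDP_KEY = b"constructed-demo-key"  # assumption: stand-in for the IdP's signing key

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue(sub: str, aud: str, scope: str, ttl: int = 300) -> str:
    """IdP side: mint a signed token bound to exactly one audience."""
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": sub, "aud": aud, "scope": scope, "exp": int(time.time()) + ttl}
    body = _b64(json.dumps(claims).encode())
    sig = hmac.new(IDP_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64(sig)}"

def validate(token: str, expected_aud: str) -> dict:
    """Resource-API side: check signature, expiry and audience."""
    try:
        header, body, sig = token.split(".")
        good = hmac.new(IDP_KEY, f"{header}.{body}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(good, _unb64(sig)):
            raise ValueError("bad signature")
        claims = json.loads(_unb64(body))
    except (ValueError, TypeError) as exc:
        raise PermissionError(f"invalid token: {exc}") from None
    if claims.get("exp", 0) < time.time():
        raise PermissionError("token expired")
    if claims.get("aud") != expected_aud:
        raise PermissionError(f"audience {claims.get('aud')!r} is not {expected_aud!r}")
    return claims

def delegation_grant(user_token: str, client_aud: str, target_aud: str, scope: str) -> str:
    """IdP side: the calling API (client_aud) trades the user's token for one
    aimed at target_aud. The subject is copied; audience and scope are new."""
    claims = validate(user_token, expected_aud=client_aud)
    return issue(claims["sub"], aud=target_aud, scope=scope)
```

A real IdP would also authenticate the calling API as a client before honoring the exchange; here that step is reduced to the `client_aud` argument.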