
How to validate access tokens from different identity providers


I have 2 different ways of logging into the application

  • End Customer or External user
  • Developer or Internal user

The end customer or external user will log into the application at the enterprise gateway. This login is common to multiple applications and uses a reverse proxy to load the requested app.

Developers will log into the application using the application gateway.


The end user has already authenticated, so he would have the access token embedded in the request. How can we validate this access token? The token was generated by the identity server at the enterprise level.

The internal user will be redirected to the login page. He would log in via the identity server at the application level.

Is there a way I can proxy the identity server at the application level to validate the token generated by the enterprise identity server?


Solution

  • For the enterprise user, you could have the reverse proxy server set a special header to indicate the request is from an end user. If the reverse proxy sends a JWT, your application can introspect it locally. If the reverse proxy sends an opaque access_token, your application will have to introspect the token remotely.
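An added example (not part of the question or the answer) of the local-vs-remote split the answer describes: a JWT is verified locally against the key of the issuer named in its `iss` claim, while an opaque token is handed to an RFC 7662 introspection call. The issuer URLs, shared secrets, audience and the `introspect` callable are constructed assumptions; HS256 secrets stand in for the public keys a real deployment would fetch from each issuer's JWKS endpoint.

```python
import base64, hashlib, hmac, json, time

# Constructed example: HS256 secrets keyed by issuer URL (stand-ins for JWKS public keys).
ISSUER_KEYS = {
    "https://idp.enterprise.example": b"enterprise-demo-secret",  # enterprise IdP
    "https://idp.app.example": b"app-demo-secret",                # application IdP
}
AUDIENCE = "my-app"  # audience this application expects in every token

def _b64url_decode(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
def _b64url_encode(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mint_jwt(claims, issuer):
    """Stand-in for an identity server: signs `claims` on behalf of `issuer`."""
    h = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    p = _b64url_encode(json.dumps(dict(claims, iss=issuer)).encode())
    sig = hmac.new(ISSUER_KEYS[issuer], f"{h}.{p}".encode(), hashlib.sha256).digest()
    return f"{h}.{p}.{_b64url_encode(sig)}"

def verify_jwt_locally(token, now=None):
    """Local introspection: key chosen by `iss`, then signature, exp and aud."""
    try:
        h, p, s = token.split(".")
        header, claims = json.loads(_b64url_decode(h)), json.loads(_b64url_decode(p))
    except ValueError:
        raise ValueError("not a JWT")
    key = ISSUER_KEYS.get(claims.get("iss"))  # only tokens from a trusted issuer
    if key is None:
        raise ValueError("unknown issuer")
    expected = hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if header.get("alg") != "HS256" or not hmac.compare_digest(expected, _b64url_decode(s)):
        raise ValueError("bad alg or signature")  # also refuses alg=none / substitution
    now = time.time() if now is None else now
    if claims.get("exp", 0) <= now or claims.get("aud") != AUDIENCE:
        raise ValueError("expired or wrong audience")
    return claims

def validate_access_token(token, introspect, now=None):
    """Three segments: a JWT, checked locally. Anything else is opaque and goes to
    the issuer's RFC 7662 endpoint, modelled by `introspect` so this runs offline."""
    if token.count(".") == 2:
        return verify_jwt_locally(token, now)
    resp = introspect(token)
    if not resp.get("active") or resp.get("aud") != AUDIENCE:
        raise ValueError("opaque token inactive or wrong audience")
    return resp
```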