How do I get Orchard Core to generate a JWT to access a Strapi Resource Server

Question

Here's what I have:

I've got a Orchard Core server running OpenId Connect. I've got a Strapi server that has some content I want to access. I've got a mobile app for managing the content in the Strapi server.

Here's what I want:

Mobile app gets a JWT from Orchard. The generated JWT contains claims and scopes that allow my mobile app to access the content on my Strapi Resource Server.

So far I've been able to get a JWT from Orchard and use that in my mobile app to access endpoints from Orchard. I know that I need to set up Scopes in OpenId Connect that will be used to build an audiences in the JSON. It seems that you do this by creating Tenants in Orchard, but it seems that those Tenants can only be other instances of Orchard.

Is what I want to do even possible with using Orchard Core as an Authorization Server and accessing a non Orchard Resource Server?

Answer 1

I think it should be possible. Orchard Core emits standard JWTs that can be used in third party services, as long as those resource servers allow for configuration of JWT validation. For Strapi, it looks like this is possible: https://strapi.io/documentation/v3.x/guides/jwt-validation.html#customize-the-jwt-validation-function

Also, in Orchard here https://docs.orchardcore.net/en/dev/docs/reference/modules/OpenId/#configuration it says that the token "Json Web Token: this format uses signed JWT standard tokens. The tokens are encrypted by default but access token encryption can be turned off to allow third-party resource servers to use the JWT tokens produced by the Orchard OpenID server.", so it looks like your integration scenario is possible.