PKCE Client IDs for the Application backend authentication

For applications integrated with Pantaris with IAM Integration, for the user login we have the client ID available for validating the application. However, we have the scenario where we need server-side authentication of applications using their own Client ID and Client Secret to ensure all communications are authenticated. Since the Pantaris provider Portal doesn’t allow this configuration during the app initialization, how can this be achieved? What is the suggested approach from Pantaris on extending the support for backend Client Authentication?

Any thoughts and suggestions are welcome, and I would also like to know where Pantaris stands on these topics.

The IAM Integration is a new feature that is not yet publicly available. The general idea is described on our early adopter/preview deployment. → PANTARIS-latest
The feature is intended for Service Providers that do not have or want their own IAM Infrastructure. If you already have your own solution, please explain a bit more what kind of integration or user experience you want to achieve.

Hi Benjamin, we do not have our own IAM solution. However, we still need authentication for the backend applications as well. So with Pantaris, when we are enabling the IAM Integration, which provides us the PKCE Client ID for usage with the GUI, we would also like to enable some additional Clients with Secret (technical users) for our usage with Backend Applications.

However, these clients are not associated per Project and are kind of a global Client. These clients will be used in our backend system for system-to-system authentication. To start with, it's still OK if there are no role assignment possibilities for the clients, and we can make exceptions in our Authorization Policies to ensure that this client is allowed for certain API calls within our backend system.

I can discuss further with you if you still need more details.