
I would like to set up an access authentication service using the Java Spring MITREID client framework, including calls to distributed REST clients (APIs) which will execute on behalf of the accessing user. An SSO login service based on OpenID Connect is already configured using the MITREID client, receiving and parsing a valid JWT token from our central identity service (IdP). I imagine that the application server (or the application itself) is able to include the JWT identity token in the header section or payload of the RESTful GET/POST request and forward the request to the next RESTful resource server.

Diagram: 
----------
<user><browser><IdP><primary server with MITREID client><RESTful GET or POST><secondary server with MITREID client>

Question: How to set up a secondary server in order to implement an authentication flow based on a valid JWT ID token, either by using an Authorization Bearer token or a "jwt:" tag in the JSON data section? The token is self-contained data with trusted information. For performance reasons, I do not see a need for adding a revalidation step, neither via /userinfo nor via /introspect, but only a basic signature validation and expiry check. This method is known as "identity propagation". Is this feature already available from the MITREID OIDC client project?

OIDC Identity Propagation
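The flow the question describes, as an added example (not code from the post, nor from the MITREid Connect project): the primary server forwards the ID token it received as an `Authorization: Bearer` header (or a `jwt` field in the JSON body), and the secondary server validates it statelessly with no /userinfo or /introspect round trip. The issuer URL, client ids and shared secret are assumed values; HS256 with a shared secret is used only so the example runs with the standard library, where an IdP-issued ID token would normally be RS256 and verified against the key published at the issuer's JWKS endpoint. Two checks beyond signature and expiry are included because a practitioner would want them: the `alg` is pinned rather than read from the header (rejecting `none` and algorithm confusion), and `iss`/`aud` are checked, since an ID token's `aud` is the primary client's id and the secondary server must decide explicitly whether to accept it.

```python
"""Stateless validation of a propagated JWT ID token on the secondary server.

Added example. Constants below are assumptions, not values from the post.
"""
import base64
import hashlib
import hmac
import json
import time

ISSUER = "https://idp.example.org"                      # assumed IdP issuer
ACCEPTED_AUDIENCES = {"primary-web-client", "secondary-api"}  # assumed client ids
SHARED_SECRET = b"example-shared-secret-do-not-use"    # assumed; HS256 for a stdlib-only demo
LEEWAY_SECONDS = 60                                    # clock-skew tolerance


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint_token(claims: dict, secret: bytes = SHARED_SECRET) -> str:
    """Constructed sample input: an HS256 JWT shaped like an IdP-issued ID token."""
    header = {"alg": "HS256", "typ": "JWT"}
    signing_input = ".".join(
        _b64url_encode(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims)
    )
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def validate_token(token: str, secret: bytes = SHARED_SECRET, now: int = None) -> dict:
    """Signature, pinned alg, exp/nbf, iss and aud checks only; no IdP call.

    Returns the claims on success, raises ValueError otherwise.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed compact JWS")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    # Pin the algorithm instead of trusting the header to choose it.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg %r" % header.get("alg"))
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = int(time.time()) if now is None else now
    if "exp" not in claims or now > int(claims["exp"]) + LEEWAY_SECONDS:
        raise ValueError("token expired or missing exp")
    if now + LEEWAY_SECONDS < int(claims.get("nbf", 0)):
        raise ValueError("token not yet valid")
    if claims.get("iss") != ISSUER:
        raise ValueError("untrusted issuer")
    aud = claims.get("aud")
    audiences = {aud} if isinstance(aud, str) else set(aud or [])
    if not audiences & ACCEPTED_AUDIENCES:
        raise ValueError("audience not accepted")
    return claims


def extract_token(headers: dict, body: dict = None) -> str:
    """Accept the token as 'Authorization: Bearer ...' or as a 'jwt' JSON field."""
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):
        return auth[len("Bearer "):].strip()
    if body and isinstance(body.get("jwt"), str):
        return body["jwt"]
    raise ValueError("no token presented")


def propagate(incoming_token: str) -> dict:
    """Headers the primary server attaches when it calls the secondary server."""
    return {"Authorization": "Bearer " + incoming_token}


if __name__ == "__main__":
    now = 1_700_000_000
    token = mint_token({"iss": ISSUER, "sub": "alice", "aud": "primary-web-client",
                        "iat": now, "exp": now + 300})
    print(validate_token(extract_token(propagate(token)), now=now)["sub"])
```

The secondary server holds no session state: every request is authenticated from the token alone, which is what makes the flow fast but also means a token stays usable until `exp` regardless of logout or revocation at the IdP, so keep lifetimes short if you skip /introspect.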


1 Answer


The discussion moved to GitHub; see the issue: https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues/1172

Thanks to Mr. Justin Richer (MITREID) for answering my questions.