If I have an app which authenticates against one OIDC provider eg. Google but then uses the provided id- and access-token to make request against a 1. app-api and 2. a third-party-api using the tokens from before.
Is this possible how does this work where can I learn more? I know about OpenID Connect but only in a “single backend api flow”. I came across OpenID Federation but do not know if this is the standard. Can anybody help me out?
Last but not least how to I manage roles in this type of setup? Someone mentioned custom claims for this, as a property of the token but I could not really get a clue about this either.
In summary: How do I do enterprise authentication and access management having third party APIs but only one place to sign up and login?