azure-ad-b2c okta azure-ad-b2c-custom-policy okta-signin-widget

To allow external client application users to access B2C Integrated client website


For our client website, we have implemented user authentication (using OIDC) and related user flows using Azure AD B2C. External users are successfully authenticating and accessing our website (SPA). Also, we have implemented the B2C ROPC flow for headless authentication users.

But here is a scenario where we have a few clients who want to access our website from an external client app. On the external client application side, they were using “OKTA with SSO” and tried to access our website login page, but they are failing to get the B2C token to access our website.

To achieve this, do we need to make any changes in the current B2C-integrated website (my client)? Are there any references or an integration process that our external client application should follow (the external client has an OKTA tenant for SSO)?

Are there any references to assist with this use case, where external client apps access other client website resources securely?


Solution

  • One way to do this is to set up B2C so that Okta is an external IDP.

    The flow is then: