What is the procedure to authenticate a multitenant application using a WSO2 Server token?


I have a multitenant web application that internally uses different services and a REST API service; for login, the username and password are validated using WSO2 IS and LDAP. LDAP is configured as the WSO2 IS user store. When a customer logs in to the web application, the current implementation checks whether the username and password are present in the LDAP directory. Based on the LDAP directory response, the user is logged in to the application.

Now I want to implement token-based authentication: when a client logs in to the application using his/her tenant user credentials, get the token from the WSO2 IS server and send the token to the client side, so that any service or REST API call is made using that token. If it expires after the time limit, then regenerate the token. When a request reaches any service or REST API, validate whether the token is valid or not. Only if the token is valid should the backend service send a response; otherwise it should send a failure response.

I am stuck on the correct approach. I need the exact approach to successfully implement an authorization and identity management service with WSO2 that handles access tokens for user validation and validates the REST service.


There are 1 best solutions below


You can use OpenID Connect (OIDC) [1] in order to achieve your requirement.

OpenID Connect is an authentication protocol that is a simple identity layer on top of the OAuth 2.0 protocol. It allows clients to verify the identity of the end-user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the end-user in an interoperable and REST-like manner.

You can use WSO2 IS and integrate your client application with OIDC [2][3] and get an access token on behalf of the user to communicate with external APIs.

Also, you can use the OAuth Introspection endpoint [4] of WSO2 IS to validate the access tokens, as per your requirements.

[1] https://openid.net/connect  
[2] https://docs.wso2.com/display/IS570/OpenID+Connect  
[3] https://docs.wso2.com/display/IS570/OpenID+Connect+Authentication  
[4] https://docs.wso2.com/display/IS570/Invoke+the+OAuth+Introspection+Endpoint
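
The backend-side validation step described in the answer, as an added example that is not part of the original post or of WSO2's own code: it builds an RFC 7662 introspection request and then decides, failing closed, whether a parsed response authorizes a call for a given tenant. The host name, caller credentials, scope name and the convention that the tenant domain follows the last `@` in `username` are assumptions to adapt to your deployment.

```python
import base64
import time
import urllib.parse
import urllib.request

# Assumed deployment value (placeholder host, not from the original post).
INTROSPECT_URL = "https://is.example.com:9443/oauth2/introspect"


def build_introspection_request(token, caller_id, caller_secret, url=INTROSPECT_URL):
    """RFC 7662 request: form-encoded token, caller authenticated with HTTP Basic."""
    basic = base64.b64encode(f"{caller_id}:{caller_secret}".encode()).decode()
    body = urllib.parse.urlencode({"token": token}).encode()
    return urllib.request.Request(url, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded",
    })


def check_introspection(resp, tenant, required_scope, now=None):
    """Return (allowed, reason) for a parsed introspection response; fail closed."""
    now = time.time() if now is None else now
    if resp.get("active") is not True:      # missing or non-boolean counts as inactive
        return False, "inactive"
    exp = resp.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        return False, "expired"
    # Assumption: the username carries the tenant domain after the last '@'.
    user, sep, user_tenant = str(resp.get("username", "")).rpartition("@")
    if not sep or not user or user_tenant.lower() != tenant.lower():
        return False, "wrong-tenant"
    if required_scope not in str(resp.get("scope", "")).split():
        return False, "missing-scope"
    return True, "ok"


# Constructed sample response (not captured from a real server).
NOW = 1_700_000_000
GOOD = {"active": True, "exp": NOW + 600, "username": "alice@tenant-a.example",
        "scope": "openid orders.read", "token_type": "Bearer"}

if __name__ == "__main__":
    req = build_introspection_request("constructed-token", "backend-svc", "s3cret")
    print(req.get_method(), req.full_url, req.data)
    print(check_introspection(GOOD, "tenant-a.example", "orders.read", now=NOW))
    print(check_introspection({"active": False}, "tenant-a.example", "orders.read", now=NOW))
```

The tenant passed to `check_introspection` should come from the request's own routing context (for example the tenant the URL or session belongs to), so a valid token issued to one tenant's user is rejected on another tenant's resources.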