security - Authentication between trusted application and an API -
the application set up
application : third party, windows desktop application. application users required log in to. logins managed/authenticated locally
application b : our application, windows system tray application. integrates application a. extracts information , sends application c.
application c : our api, application b calls in send data.
currently users required create account in application c using gui , enter user details in application b proceed. users questioning process fail differentiate ownership between application , b since tightly coupled.
given can trust if user logged in application a, genuine, want come solution not require create login. based on trust between application b, c, , ability detect if user logged in application a.
end result be, if user logged in application a, application b detects , sends user details, application c. given there trust between b,c user not require thing authentication between b , c. c use user logged in authorization.
any ideas how can done? in lines of token based or trusted application authentication...
this depends entirely on interfaces application exposes. if application has api can queried authentication status, can use api implement authentication pattern.
if application supports advanced authentication mechanisms such oauth, can tie them similar results.
if neither, out of luck. there no such thing universal standard exchange of authentication state.
Comments
Post a Comment