I'm searching for a 'design' solution for the following concept:
I have a VSTO plugin for Outlook which needs to make multiple requests to 2 APIs which are behind an AWS API Gateway. These APIs are processing certain items based on the corporation that is making the call.
This API needs security to hide certain information from people outside a corporation. That's also the part where I'm stuck right now.
The ideal situation would look like this:
- A user can get verified based on the logged in user in Outlook.
- An Application/API Administrator can grant & revoke API access to entire corporations.
So what prevents me from finding a solution:
- I don't know how and if it is possible to verify a logged in Outlook user at the AWS Api Gateway auth.
- I have looked at different solutions like JWT Tokens + Refresh Tokens, however the issue of granting access to entire corporations still exists. This also goes back to the first issue where I have to get a JWT Token for a logged in user.
So...
- What information can I pull out of Outlook to get a user verified at my API Auth (and maybe return JWT tokens)?
- Is it possible to grant an entire corporation access to your API? (So 'verified/logged in' Outlook users like bodeeh@fakecorpA.com are granted access because they are in the Office Corporation of company 'fakecorpA', but bodeeh@fakecorpB.com is not granted access because 'fakecorpB' is not granted as an Office corporation.)
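As an added illustration (not part of the question and not a confirmed answer), here is one way the corporation-level grant could be expressed in an API authorizer: the caller presents a signed JWT carrying the signed-in user's e-mail, and the decision is made on the e-mail domain against an administrator-maintained allowlist. The HS256 shared secret, the `email` claim and the `grant`/`revoke` helpers are assumptions for the demo; a real deployment would verify the identity provider's signature with its published keys.

```python
import base64, binascii, hashlib, hmac, json
from typing import Optional

# Constructed demo secret; production would verify the IdP's signature instead.
DEMO_SECRET = b"demo-shared-secret"

# Corporations (e-mail domains) an administrator has granted API access.
GRANTED_CORPORATIONS = {"fakecorpa.com"}

def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_demo_token(email: str) -> str:
    """Build an HS256 JWT carrying the signed-in user's e-mail (test helper)."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps({"email": email}).encode())
    sig = hmac.new(DEMO_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(sig)}"

def verify_token(token: str) -> Optional[dict]:
    """Return the claims if the signature checks out, otherwise None."""
    try:
        header, payload, sig = token.split(".")
        if json.loads(_b64url_decode(header)).get("alg") != "HS256":
            return None  # refuse any algorithm other than the expected one
        expected = hmac.new(DEMO_SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None  # tampered or forged token
        return json.loads(_b64url_decode(payload))
    except (ValueError, binascii.Error):
        return None

def authorize(token: str) -> str:
    """Per-request decision: the user's corporation (e-mail domain) must be granted."""
    claims = verify_token(token)
    if not claims or "@" not in claims.get("email", ""):
        return "Deny"
    domain = claims["email"].rsplit("@", 1)[1].lower()
    return "Allow" if domain in GRANTED_CORPORATIONS else "Deny"

def grant(domain: str) -> None:
    """Administrator action: grant a whole corporation access."""
    GRANTED_CORPORATIONS.add(domain.lower())

def revoke(domain: str) -> None:
    """Administrator action: revoke a whole corporation's access."""
    GRANTED_CORPORATIONS.discard(domain.lower())
```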