Our application is a Single Page App built with Angular and ASP.NET Core. We have to integrate another web app which we will integrate in an iframe in our app. This app has to send data back to our application after the user finished his work.
I need to make sure, i can relate the data coming from this application to an authenticated user starting the operation in our app in a secure way.
Those were the options i thought in realizing the interface:
-
Generate a unique token in our application which knows about the related user and gets passed to the other application. The other application transmits this token along with it's other data back to our application and we can check this token on our backend to find out if it's a legitimate request and also relate it to a user.
-
Store cookies after authenticating the user in our app, so the other app could just post the data to our endpoint and the cookies make sure, the call takes place in the authenticated user's context. Also we would probably have to allow CORS from this site to make this work.
-
Use a non-http-based middleware (message broker) to connect the systems in a way, which keeps data transfer out of the browser.
-
Transmit the Bearer token from our application to the other application, so the other application can make an authenticated call to our application backend. CORS would have to be activated as well for the other app's origin. However i'm a bit concerned about the security implications this could have.
Which way would you suggest? Or would you suggest a completely other way of achieving the goal?
Thank you very much for any advise!
Aucun commentaire:
Enregistrer un commentaire