We have a desktop application which is nothing but a launch bar with a list of application links. Users log in to this launcher once (username/pwd) and can open any WPF desktop application without having to log in each time. This SSO is achieved by using a security token that is issued internally by our security systems.
We also have another web-based UI which has a login screen with username/pwd. We have our own internal authorization server based on OAuth 2. The web-based UI has a login screen that allows users to log in using their username/password. This username/password is passed to our internal authorization server's /token endpoint to get an access and refresh token back, and from then on the UI talks to our web API using this access token. Please note our /token endpoint also supports a custom grant type that we wrote that knows how to accept our internal security token and give back an access and refresh token in exchange.
Now, we have a requirement where we need to allow users to click on a link from the WPF desktop launch bar which would open our web UI in a browser (Chrome if installed) and not ask users for username/password, because users have already signed in to the WPF application and we have a valid security token (this token is not the one issued by our internal authorization server based on OAuth 2).
What is the right approach to implement SSO in such a situation?