I use object. But the app using the iframe would need permission to use it. No different than an API: how do you know which user at a company is getting the API data?
That is where their local security comes in. Example: at a Humane Society an admin could add and edit animals, so they needed the admin role to go to the page that had the API login for Adopt a Pet.
Note: Local policy and the API policies are two totally different things. You still have API policies.
Example: Humane Society X cannot edit Humane Society Z data.
It can get complex, so write all roles and policies out with pencil and paper and make them make sense.
This part of an app is the most complex; it is not an hour thing, but days.
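A sketch of the two separate layers described in this post (local role gating the page, API policy scoping which shelter's data may be edited), as an added example that is not code from the post or from any real product; the page paths, roles, shelter ids and animal records are constructed:

```python
"""Two independent authorization layers, both of which must pass:
1. Local policy: the embedding app decides which of its own users may reach
   the page that holds the API login (e.g. only the 'admin' role).
2. API policy: the API provider decides what the authenticated shelter may
   touch (e.g. shelter X may edit only its own animals, never shelter Z's).
"""
from dataclasses import dataclass
from typing import Tuple

# Local (embedding app) role-to-page policy; constructed example data.
LOCAL_PAGE_ROLES = {
    "/animals/edit": {"admin"},
    "/animals/view": {"admin", "volunteer"},
}

# API-side ownership table: which shelter owns each animal (constructed).
ANIMAL_OWNER = {"pet-1": "shelter-x", "pet-2": "shelter-z"}


@dataclass(frozen=True)
class LocalUser:
    name: str
    role: str
    shelter_id: str


def local_allows(user: LocalUser, page: str) -> bool:
    """Local policy: deny by default; allow only roles listed for the page."""
    return user.role in LOCAL_PAGE_ROLES.get(page, set())


def api_allows(shelter_id: str, action: str, animal_id: str) -> bool:
    """API policy: any shelter may read a listed animal, but only the owning
    shelter may edit it; unknown animals and unknown actions are denied."""
    owner = ANIMAL_OWNER.get(animal_id)
    if owner is None:
        return False
    if action == "read":
        return True
    if action == "edit":
        return owner == shelter_id
    return False


def authorize(user: LocalUser, page: str, action: str, animal_id: str) -> Tuple[bool, str]:
    """Evaluate both layers in order and report which one denied, so the
    reason is visible in logs without the layers being merged into one."""
    if not local_allows(user, page):
        return False, "denied by local policy"
    if not api_allows(user.shelter_id, action, animal_id):
        return False, "denied by API policy"
    return True, "allowed"
```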