Hello, I have the following question.
I have an application that will be used by several companies; each company will have a number of employees (company-only users), and I also have common users (customers of the companies). The relationships in the system are N:N and N:1. The main idea is that each company manipulates its own resources individually, without being able to change third-party companies' resources. Users can use all the resources of the company (the companies they are related to). My question concerns the exposure of this API: how can I ensure that a malicious user with this exposed URI does not access or manipulate the resources of other companies? I just want that when he accesses company X, he can only use the endpoints of company X, and in the same way the users (customers of companies) who access company Y can only manipulate resources that are within company Y.
I saw that there is the OAuth2 authentication protocol, which protects our API. Should I create an OAuth2 client for each company, checking whether it is using only this company?
I’m a bit confused in the meantime. If you could understand what I said above, can you help me? hahaha
I’m using Laravel and Laravel Passport.
Thanks man, maybe this will really help.
– Sidney Novais
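As an added illustration (not code from the original post, and not Laravel Passport's own code), the following shows the kind of per-request check the question is asking about: Passport only establishes *who* the caller is, while a Laravel policy decides *what* that caller may touch, so a guessed or shared URI for company Y's resource is refused unless the user is actually related to company Y. The model names `Company`, `Resource`, the `company_user` pivot relation `companies()`, and the `company_id` column on resources are assumptions for the example.

```php
<?php
// Added example: tenant-scoped authorization in Laravel with a policy plus a global query scope.
// Assumed (not in the original post): models App\Models\User, App\Models\Company, App\Models\Resource,
// a belongsToMany relation User::companies() over pivot table company_user,
// and a company_id foreign key on the resources table.

namespace App\Policies;

use App\Models\Resource;
use App\Models\User;

class ResourcePolicy
{
    // A user may act on a resource only when the user is related to the owning company.
    private function belongsToCompany(User $user, int $companyId): bool
    {
        return $user->companies()->whereKey($companyId)->exists();
    }

    public function view(User $user, Resource $resource): bool
    {
        return $this->belongsToCompany($user, $resource->company_id);
    }

    public function update(User $user, Resource $resource): bool
    {
        return $this->belongsToCompany($user, $resource->company_id);
    }

    public function delete(User $user, Resource $resource): bool
    {
        return $this->belongsToCompany($user, $resource->company_id);
    }
}

// --- app/Models/Resource.php (assumed model) ---
// A global scope so that list endpoints never return another company's rows,
// even if a controller forgets to filter. It reads the authenticated user from
// the request, which Passport's `auth:api` guard has already resolved.
namespace App\Models;

use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Model;

class Resource extends Model
{
    protected static function booted(): void
    {
        static::addGlobalScope('tenant', function (Builder $query) {
            $user = auth()->user();
            if ($user !== null) {
                $query->whereIn('company_id', $user->companies()->pluck('companies.id'));
            }
        });
    }
}

// --- app/Http/Controllers/ResourceController.php (assumed controller) ---
namespace App\Http\Controllers;

use App\Models\Resource;
use Illuminate\Http\Request;

class ResourceController extends Controller
{
    public function __construct()
    {
        // Passport bearer-token authentication for every action.
        $this->middleware('auth:api');
    }

    public function show(Resource $resource)
    {
        // Route-model binding already applied the tenant scope; the policy
        // still runs so a direct ID lookup is refused with 403, not silently leaked.
        $this->authorize('view', $resource);
        return $resource;
    }

    public function update(Request $request, Resource $resource)
    {
        $this->authorize('update', $resource);
        $resource->fill($request->only(['name']))->save();
        return $resource;
    }
}
```

The policy is registered in `AuthServiceProvider::$policies` (`Resource::class => ResourcePolicy::class`), which is standard Laravel and not something Passport adds. The point the example makes is that an OAuth2 client per company does not by itself stop a valid token from being used against another company's URI; the per-record ownership check is what enforces the boundary, and the global scope keeps index endpoints from listing other tenants' rows.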