identity – Trying to find the best way to prove my identity between a client app and an API website

My aim is to have an executable that parents download. They run the app and it checks basic requirements: having Windows 10 Education, being signed into Intune, the Wi-Fi card being up to standard, and things of that nature. If it passes all the checks, I want it to send the MAC address to our API site, which we then use for Wi-Fi authentication.

I do want to make sure that the MAC address matches with the student though, and not just let any request add in their own MAC address, for obvious reasons. So I need some identity checks and am looking at using Azure.

One thought is to put the MAC address into the redirect URI along with all the other stuff and use OAuth2. Have the client app open the webpage to Azure OAuth and have the redirect go to our webpage. We can then have the webpage auth it and, if that passes, check the MAC address. It can then display a message based on the result, such as all good, or identity failed, or you already have a device joined.

Or I could perhaps redirect back to the client app, and that sends off the token and MAC address to our website. Do a request with the token and, if the username looks good, move forward with the MAC.

Kinda want to try and avoid just sending the username and password directly to our site. Want to keep it off our main network as much as possible and would like to avoid doing something like an LDAP request to our local AD.

The reason I like the first way of doing it is that it’s easier to update messages and whatnot. Just changing some HTML and not having the users need to redownload the tool. I would also like to keep the client app as minimal as possible.

I’m just looking for some opinions/ideas on this. I’m not that far into the web dev world, so it’s likely there are tools I can use which do this sort of thing already that I’m unaware of.

Maybe there are ways to even check for the things I need purely from the webpage. I looked briefly at ActiveX or running Java applets, but I’m pretty sure new browsers are dropping support for those sorts of things.

Not that it really matters, but I’m likely going to use Python’s Flask on the web side.
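
An added example, not part of the original post: a sketch of the server-side decision for the second flow described above, where the site receives a token plus a MAC address and binds the MAC to the identity in the token. It assumes the ID token's signature has already been verified by a JWT library against the tenant's signing keys; the issuer and audience values are placeholders, the `registry` dict is a hypothetical store, and the "mac already registered" outcome is an addition to the three messages the post lists.

```python
import re
import time

# Placeholders, not real values: substitute your tenant's issuer and your app's client ID.
EXPECTED_ISSUER = "https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/v2.0"
EXPECTED_AUDIENCE = "CLIENT-ID-PLACEHOLDER"


def normalize_mac(raw):
    """Return 'aa:bb:cc:dd:ee:ff', or None if raw is not a unicast MAC address."""
    digits = re.sub(r"[:\-.]", "", raw.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    if int(digits[:2], 16) & 1:  # multicast bit set: not an adapter's own address
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def claims_ok(claims, now=None):
    """Check issuer, audience, expiry and subject on signature-verified claims."""
    now = time.time() if now is None else now
    exp = claims.get("exp")
    return (claims.get("iss") == EXPECTED_ISSUER
            and claims.get("aud") == EXPECTED_AUDIENCE
            and isinstance(exp, (int, float)) and exp > now
            and bool(claims.get("oid")))


def register_device(claims, raw_mac, registry, now=None):
    """Bind one MAC to the token's user. registry maps oid -> MAC (hypothetical store)."""
    if not claims_ok(claims, now):
        return "identity failed"
    mac = normalize_mac(raw_mac)
    if mac is None:
        return "invalid mac"
    user = claims["oid"]  # identity comes from the token, never from the request body
    if user in registry:
        return "all good" if registry[user] == mac else "already joined"
    if mac in registry.values():
        return "mac already registered"  # outcome added here, not in the post
    registry[user] = mac
    return "all good"
```

The token establishes which student is making the request; the MAC address itself is still whatever the client reports, so this check only limits each identity to one registered address.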