I have few potentials partners who would like to use my site as a part of their module/services. When users login into their site, and click on a Bill button it will open my website without login again. I’m thinking the workflow should be similar with the SSO for Google ecosystem when login in one they can access others applications Youtube, Drive, Gmail etc…. However, the differences here is our partners have their own authentication with client profiles data, I also have my own authentication with my own client profiles data (cannot be shared to them) and maintain the role-based for each user.
So I’m not sure how to implement that and whether is there any security risks can be exposed as I’m thinking definitely they have to share their client profiles to us somehow so it can be created, authenticated from our end also update the role-base permission to each user.
My system uses IdentityServer4 run on .netcore in windows IIS. My backend is micro services with .net 5 and UI using React JS redux-oidc in linux environment
I don’t know what authentication that they use and will it be matter or my system can be designed to authenticate with any partners regardless of their design?