I've been working on a project involving a Node-RED flow that utilizes an OAuth API to obtain an access token. This token is then used along with a subscription key to access another API, retrieve data, and publish it to MQTT topics.
On the side, I've built a MERN application to visualize this data. However, I'm a bit perplexed about implementing a secure login system for the MERN app. Here's a rundown of my setup:
- The OAuth API has a single set of client credentials (client ID and secret).
- The Node-RED flow successfully manages OAuth authentication and API interactions.
- My MERN app interacts with the API through the Node-RED flow; it doesn't directly access the OAuth-protected API.
I'd like to:
- Ensure that users who log in to the MERN app are the same users with API access.
How can I securely link user accounts in my MERN app to the OAuth access credentials? Is there a way to validate users' claims of having API access during the MERN app registration or login process? Any insights, best practices, or suggestions would be greatly appreciated!
Thanks in advance for your help!