I am working on a multi-tenant app that needs to talk to external API using OAUTH User-Agent Flow. I have this working in the case of a single tenant (i.e. master bubble).
If I were to use access tokens and embed them in the API calls I could pass in parameters (tokens) linked to my tenants. The setup for OATH seems to tie the API definition to a single target/user [I may be misreading this] where the magic of managing the returned codes/tokens is managed in the API config. In particular, the URL of the target system seems to be hard coded into my API definition … which implies I need a separate API setup for each tenant.
This is not terrible as I am not looking at a lot of tenants but, short of horrible kludgy “Only if …” clauses on duplicated workflow steps (one for each tenant) is there any way to pass in the tenant-related API to a workflow step?
I guess I may be horribly misunderstanding what is happening here so feel free to tell me so… the whole OAUTH inbound/outbound stuff in a multi-tenant world is pretty hairy (imho) so any suggestions re better approaches much appreciated.