I am a bit confused on how to develop authentication on this system I’m developing.
The system consists of a back-office done with Ionic and a backend done with Nest.js.
So the Ionic site uses Nest.js 's REST API.
I have to add authentication to this system.
My organisation uses Shibolleth/SAML to autenticate the other services and we have an Identity Provider to which all web apps refer.
I have to authenticate:
- the user that uses the web app,
- the calls of the front-end (Ionic) to the REST API (Nest.js).
I know that Nest.js uses Passport to implement all types of authentication: local, Jwt, Shibolleth, etc.
But is it possible to do both the above authentications with Shibolleth or do I have to check the authentication of the user with Shibboleth and then use JWT or a token to authenticate the calls to REST API?
Have you ever done something similar?
Thank you very much for your suggestions.