I am going to implement a new login system for our new AngularJS application at work, using IdentityServer3, and Thinktecture.IdentityModel.Owin.ResourceAuthorization.WebApi.
Some users will have access to more than one customer.
I am trying to figure out the best way to give users different permissions within the same application, depending on a selection in the frontend (the selected customer).
Currently I am considering implementing my own permission service using Web API. The frontend asks for all permissions using the current user's token and caches all permissions mapped to a customer in the frontend.
Can this be done in a good way using OpenID Connect? I am thinking that implementing my own permission service is probably overkill, or maybe I overlooked some clever way of using resource flow, or something like that.