I can't seem to find a standard solution for this, so I'm asking for your opinion.
I'll list the moving parts first:
- Identity Provider 1 (IP1)
- Resource Server 1 (RS1) - resources accessed with accounts from IP1
- Identity Provider 2 (IP2) - acts as Federation Gateway with IP1 added to the federation. Users log in with accounts from IP1
- Resource Server 2 (RS2) - resources accessed with accounts from IP2
- Native mobile app (the App) - App where users authenticate using IP1 and the app accesses RS1.
- Native app lib (the lib) - app library (SDK) that's used as part of the App. Accesses resources from RS2.
The question is how to get an Access Token or Authorization Code from IP2, when we have an Access Token from IP1.
I know that the standard way is to just initiate the Authorization Code Grant Flow with IP2 and that if the browser still has a session with IP1 it will go through without user interaction. But I would like to make it even more seamless - without the risk of the user being asked to log in or any browsers popping up at all.
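As an added example (not code from the original question), a constructed Python model of the standard flow described above: the lib starts an Authorization Code flow with PKCE at IP2, IP2 as federation gateway sends the same browser on to IP1, and the run only stays silent because the browser's cookie jar already holds an IP1 session that the native app itself never sees. All names (the `IdP` class, `run_flow`, the cookie values and client ids) are assumptions.

```python
import base64
import hashlib
import secrets

def s256(verifier):
    """PKCE S256 challenge (RFC 7636) for a code verifier."""
    return base64.urlsafe_b64encode(hashlib.sha256(verifier.encode()).digest()).rstrip(b"=").decode()

class IdP:
    """Constructed model of an authorization server; with `upstream` set it acts as a federation gateway."""
    def __init__(self, name, upstream=None):
        self.name, self.upstream = name, upstream
        self.sessions = set()   # browser session cookie values of logged-in users
        self.codes = {}         # auth code -> (client_id, pkce_challenge), single use

    def authorize(self, client_id, challenge, cookies):
        """Front-channel /authorize. Returns a code, or None where a login page would be rendered."""
        if cookies.get(self.name) not in self.sessions:
            if self.upstream is None:
                return None                      # no session here: interactive login needed
            # Gateway: IP2 is itself a client of IP1 and sends the same browser (same cookie jar) upstream.
            verifier = secrets.token_urlsafe(32)
            up_code = self.upstream.authorize("ip2-gateway", s256(verifier), cookies)
            if up_code is None:
                return None                      # no IP1 session either: user will be prompted
            self.upstream.token(up_code, "ip2-gateway", verifier)   # back-channel redemption at IP1
            cookies[self.name] = secrets.token_urlsafe(8)            # IP2 now has its own session
            self.sessions.add(cookies[self.name])
        code = secrets.token_urlsafe(16)
        self.codes[code] = (client_id, challenge)
        return code

    def token(self, code, client_id, verifier):
        """Back-channel /token: the code is single use and bound to client_id and the PKCE verifier."""
        bound_client, challenge = self.codes.pop(code)       # KeyError on replay of a used code
        if bound_client != client_id or s256(verifier) != challenge:
            raise PermissionError("code not bound to this client/verifier")
        return f"{self.name}-access-token-{secrets.token_hex(4)}"

def run_flow(browser_has_ip1_session):
    """The lib (inside the App) runs the standard code flow against IP2 through the system browser."""
    ip1 = IdP("IP1")
    ip2 = IdP("IP2", upstream=ip1)
    ip1.sessions.add("sess-ip1")                 # the user is logged in at IP1; does the browser carry the cookie?
    cookies = {"IP1": "sess-ip1"} if browser_has_ip1_session else {}   # constructed browser cookie jar
    verifier = secrets.token_urlsafe(32)
    code = ip2.authorize("the-lib", s256(verifier), cookies)
    if code is None:
        return None                              # here the user would see IP1's login page
    return ip2.token(code, "the-lib", verifier)
```

Replaying a code or presenting the wrong PKCE verifier fails at the token endpoint, which is what keeps the front-channel redirect safe for a native app that cannot hold a client secret.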