Context:
The user wants to link accounts and allow one mobile application (app A) to use data from another system (app/system B). System B also has a mobile application with a logged-in user. System B also has an OAuth 2 server and a bunch of APIs secured by JWT tokens provided by that OAuth 2.0 service.
Currently, account linking is performed using the OAuth authorization code flow, and for that mobile app A has to open a web browser and make the user log in to the system B OAuth service. That later on provides an authorization code to System A to be exchanged for access/refresh tokens.
Problem statement: We want to eliminate that user login in the browser and potentially use the fact that the user is already logged in to both applications (with different accounts/credentials).
Is there a way, or are there best practices, to link accounts without making the user re-enter credentials in the web browser? It is OK to deviate from the typical authorization code flow.
We can change/update both systems/apps A & B.