We have a Secure Token server built on Identity Server 3.0 that manages security across, multiple applications both Single Page and Native Mobile applications. And there are resource server(s) (a RESTful API that needs to be accessed by the aforesaid applications). Mobile application gives a summarised view of the Client information where as user need to navigate to the Single Page application to get the complete view of the client.
At present the mobile application (Cordova) retrieves client information summary from the resource server through Resource Owner Client Credential Grant and displays List of Client information in the Form of a Grid in the Cordova App.
The requirement now is to open the Client Details information (Details View) in the single page application (AngularJS) without making the user login again. At this point the mobile app possesses a token that can access the resource server (scope).
The problem now is how to pass the token we have to the Single Page application (AngularJS) without sending it (the token) in the URL. Could some please shed some light on what is the best possible way to handle the scenario?