We have several apps/web apps that have different user ‘audiences’:
- Internal users - Admin dashboard type apps.
- Partner users - Partner apps used to access some of our services.
- Customer users - Customer-facing apps.
Each app talks to our API, which runs on Node.js/Express.
How should we separate these different user ‘audiences’ in order to identify them within each app?
Example 1: A ‘customer’ user visits a ‘partner’ web app. If they try to log in, they should be redirected and notified they are not authorized to access the app.
Example 2: An ‘internal’ user should be able to access an ‘internal’ app and any ‘customer’ apps, but not a ‘partner’ app.
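
One way to express the rules from Example 1 and Example 2 as a deny-by-default check on the Express API, added here as an illustration and not part of the original post. The names `ACCESS_POLICY`, `APP_TYPES`, `req.auth`, `userType`, `clientId` and the client IDs are assumptions, as is the rule that partner users may use partner apps.

```javascript
// Added example. All names here (ACCESS_POLICY, APP_TYPES, req.auth, userType,
// clientId, the client IDs) are assumptions for illustration.

// App types each user type may use. Pairings not listed are denied.
const ACCESS_POLICY = new Map([
  ['internal', new Set(['internal', 'customer'])], // Example 2 in the post
  ['customer', new Set(['customer'])],             // Example 1: no partner apps
  ['partner', new Set(['partner'])],               // assumed, not stated in the post
]);

// Server-side registry: which kind of app each client ID is (constructed values).
const APP_TYPES = new Map([
  ['admin-dashboard', 'internal'],
  ['partner-portal', 'partner'],
  ['storefront', 'customer'],
]);

// Default deny: unknown user types and unknown app types both return false.
function isAllowed(userType, appType) {
  const allowed = ACCESS_POLICY.get(userType);
  return allowed !== undefined && allowed.has(appType);
}

// Express-style middleware. Assumes earlier middleware verified the token and
// put its claims on req.auth; values from headers or the body are never used.
function enforceAudience(req, res, next) {
  const auth = req.auth;
  if (!auth || typeof auth.userType !== 'string' || typeof auth.clientId !== 'string') {
    return res.status(401).json({ error: 'unauthenticated' });
  }
  const appType = APP_TYPES.get(auth.clientId);
  if (!isAllowed(auth.userType, appType)) {
    // The calling app can use this response to redirect and show the notice.
    return res.status(403).json({ error: 'not_authorized_for_app' });
  }
  return next();
}
```

Because the app type is looked up from the verified client ID rather than sent by the app, a client cannot claim to be a different kind of app to widen its access.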