I’m getting a bit lost in all the different schemes and terminology and could use a bit of pointing in the right direction.
The user can sign into a website where they can edit info, pay etc. From here they can click the link to the web app which is hosted separately. The web app makes API calls to yet another server. How can the authorization and authentication be structured for this without having to login multiple times?