Hello everyone. I have a scenario for which I have had no luck reaching a solution so far. Please take some time and help me out here.
So the app I'm building doesn't contain a Login / Logout feature and it's an embedded app. Its architecture is API-based (Laravel and React). I use the Passport package for authentication.
Now, after the app installs, the merchant is taken straight to the dashboard, which works fine if the merchant is seeing the app in the embedded window. However, if the merchant inspects the iframe element, copies the src field of that iframe and opens it in a new window, it will open for the merchant. This is a huge security breach which I need to address.
Note: If you want more information about this, let me know what you need and I will provide it.