From the external application, you can communicate with other applications in a number of ways. This communication is implemented by the external application. A common scenario is connecting to RESTful services to read from, or write to, a custom data source.
For example, the external application can request context information from the Web Client, such as the selected object's OBID. Using this context information, additional data can be retrieved from the web services for that object. The external application can then query the third-party services and display the results in any way needed.
A common way to authenticate with third-party systems is by using OAuth, which is an open standard for token-based authentication and authorization on the web. If you follow the recommended architecture, the implementation needs to use an implicit flow to obtain a token from the external application. OAuth normally uses a series of redirects to authenticate the user. However, as the external application is embedded in an iframe, it must use a pop-up.
When you need to connect to a third-party OAuth site, we recommend you use the OIDC-approved oidc-client.js library (https://github.com/IdentityModel/oidc-client-js). This library supports pop-up authentication and has been used in several demonstration applications.
The external application must handle authentication and security when connecting to third-party data sources.
Another common scenario is where there is a need for some interception of a request through a proxy server. This interception could be the authentication request to a third-party service account or providing custom RESTFul services to read a local database.