I have created custom app in angular and the resources are accessed via api.
I want the users to access the resources only via API and they should not be allowed to login to desk.
However since i am using oauth2 to login, they should be able to login and accept the authorization request.
Is this possible?
Option 1: re write cookie header with nginx and only expose needed routes.
Option 2: use auth_hooks in hooks.py and block unwanted request routes.
Option 3: block the /app or /desk route using nginx or auth hook. Not sure if that will solve the problem
But Administrator has to login and use the desk as usual. Is it possible to acgive this?
Another option is to keep ERPNext under VPN access and with your frontend app, expose /api/* route as reverse proxy.
Admins will need to access vpn.
Seems this is what i was looking for. I will explore more on this approach.
Thanks for the pointer