I am in the following scenario:
I developed an API that is only used for authentication and authorization of company users, which I am calling SecurityAPI. All services work as expected and the API is based on OAuth2.
In the company I have several applications and each application has its API with specific business rules.
Considering the situation where, for example, I log in by making a request to the SecurityAPI that returns me the generated Token and the same one being saved in the session, then I want to make a request for a SPA application angular for the API with business rules specific to that application. How can I send the Token information to the security API to authenticate and / or authorize the requesting user according to the generated Token?