We are trying to perform something like this
The idea is to achieve some kind of seamless auth from Windchill → TW → REST API (App).
Any ideas will help. Please ask me if the description is not clear.
Is there an update on this issue? I also need a solution for making REST calls possible from a client via ThingWorx to Windchill.
Can you get away with using an appKey? You can issue REST calls via a specific user in TWX that has been associated with the app key. The main issue with this approach is that anyone making the REST call does it using the same TWX user account.
You could build some logic into each of your REST API calls so that in addition to the appKey, you have to specify a username parameter and then evaluate the username against that user's actual group/org permissions prior to executing the real logic in your service.
So for example, let's say you have a thing with a service that queries data from WC. You would create a new REST API thing with a service that will ultimately call the WC query service. The appKey would have permissions to execute services on your REST API thing. Your service on that thing would take your query input parameters along with a username param. You would then check to see if that username has permissions to call the WC query service on your other thing. If the user is authorized, then simply call that service (you would also need to ensure the System user has access to the WC query service). If the user is not authorized, then you throw an exception which gets returned back to the REST client.
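
The gateway service described in the answer above, sketched as an added example that is not part of the original thread or any PTC code. Because the username is supplied by the caller, the check only separates users among clients that already hold the appKey, so the sketch validates the value, denies by default, and records every decision. Assumptions: the `Things` stub, the thing, service and user names, and the `CheckPermissionForUser({name, type, user})` call shape are constructed stand-ins so the logic runs under Node.

```javascript
// Constructed stand-in for the ThingWorx runtime; all names are hypothetical.
const invokeGrants = {
  // Users allowed to invoke the Windchill query service on WCQueryThing.
  "WCQueryThing.QueryParts": new Set(["alice", "System"]),
};
const Things = {
  WCQueryThing: {
    // Assumed call shape for a per-user run-time permission check.
    CheckPermissionForUser({ name, type, user }) {
      const grants = invokeGrants[`WCQueryThing.${name}`];
      return type === "ServiceInvoke" && !!grants && grants.has(user);
    },
    // Stands in for the real Windchill query; returns a constructed row.
    QueryParts({ partNumber }) {
      return [{ partNumber, state: "RELEASED" }];
    },
  },
};
const auditLog = [];

// Service on the REST-facing thing. The appKey user is granted this service
// only, never direct access to WCQueryThing.
function QueryPartsForUser({ username, partNumber }) {
  // Reject missing or malformed usernames before any permission lookup.
  if (typeof username !== "string" || !/^[\w.@-]{1,64}$/.test(username)) {
    throw new Error("Invalid username");
  }
  const target = Things.WCQueryThing;
  const allowed = target.CheckPermissionForUser({
    name: "QueryParts",
    type: "ServiceInvoke",
    user: username,
  });
  // Record the claimed username with the decision so misuse of the shared
  // appKey can be reviewed later.
  auditLog.push({ username, service: "QueryParts", allowed });
  if (!allowed) {
    // Same error for unknown and unauthorized users: no account enumeration.
    throw new Error("Not authorized");
  }
  return target.QueryParts({ partNumber });
}
```
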