App-to-app or service-to-service authentication using federated login
I have an application Foo that exposes a web-based portal as well as a REST API service via HTTPS.
When a human user connects to the app Foo to use its web-based portal, the human user is first redirected to an OAuth2-based login page. Once the human user is authenticated, they are redirected back to app Foo and now the human user can access the portal. The actual identity of the human user is maintained in an active directory. The OAuth2 identity provider uses AD to validate the user's identity. All of this sounds okay so far.
Now I have an app Bar which needs to connect to Foo and send REST API requests to it. So the app Bar is the client here. The app Bar's identity (credentials) will once again be maintained in active directory behind the scenes. It will be a user account meant to be used exclusively by app Bar only. Once properly configured and setup, the app Bar should be able to authenticate to app Foo without human intervention. Can this be achieved using a federated authentication mechanism like OAuth2 or SAML?
What I am worried about is that as a human user, whenever I have tried to authenticate to a website that uses OAuth2 or SAML, it redirects me to another identity provider's URL, where I need to enter my credentials. This is not exactly very convenient for automation when an app like Bar needs to authenticate itself to app Foo?
What are the available options here that allow us to implement app-to-app authentication without requiring human intervention, yet be convenient to implement, and also uses federated login?
