We are building a Chrome Extension that will be force-installed on each employee's browser for the companies we work with.
We currently use OAuth but many employees are forgetting to sign up.
We are thinking of replacing OAuth with something that doesn't require employee interaction. One way was setting up per-company API keys. So we'd create a private Chrome Extension for each company with a hard-coded API key in some config, and then use that for each company.
This feels pretty clunky, feels slightly off security wise, and would require a lot of work for us, so I'm curious if there is a better way to do something like this?