"Okay, stay on the line. My manager went to the bathroom 15 minutes ago, he should be back any minute, and then we can proceed with..."
After-the-fact accounting for all 'sensitive' actions would probably be more practical for most business needs.
I'd put a wizard in front of the thing that grants the access token to figure out the purpose and scope of the token needed.
Information request: "Rider History"
User: current caller
Scope: Between 9 AM and 11 AM today
Reason: Lost an item this morning, need to look up driver
If you were fancy you might even be able to convert the wizard's contained information into a request against the backend:
Select trip.driver, trip.time from trips where user_id={caller_user_id} and time={9:00-11:00 today}
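The wizard-to-query idea in the comment above, sketched as an added example that is not part of the original comment: the wizard's fields select a fixed, parameterized query and every lookup is written to an audit table. The `AccessRequest` shape, the function names, the `access_log` table, the column layout of `trips` and the sample rows are all assumptions constructed for illustration.

```python
import sqlite3
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class AccessRequest:  # hypothetical shape of what the wizard collects
    info_type: str
    agent: str
    user_id: int
    start: datetime
    end: datetime
    reason: str

# One fixed, parameterized query per information type the wizard offers;
# the agent never supplies SQL, only values bound as parameters.
TEMPLATES = {
    "Rider History": "SELECT driver, time FROM trips "
                     "WHERE user_id = ? AND time >= ? AND time < ? ORDER BY time",
}

def setup_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE trips (user_id INTEGER, driver TEXT, time TEXT)")
    db.execute("CREATE TABLE access_log (agent TEXT, info_type TEXT, user_id INTEGER,"
               " scope_start TEXT, scope_end TEXT, reason TEXT, rows_returned INTEGER)")
    db.executemany("INSERT INTO trips VALUES (?, ?, ?)", [  # constructed sample rows
        (42, "driver_a", "2024-05-01T08:15:00"),
        (42, "driver_b", "2024-05-01T09:40:00"),
        (42, "driver_c", "2024-05-01T13:05:00"),
        (77, "driver_d", "2024-05-01T10:00:00"),
    ])
    return db

def run_scoped_request(db, req):
    if req.info_type not in TEMPLATES:
        raise PermissionError(f"no template for {req.info_type!r}")
    if not req.reason.strip():
        raise PermissionError("a reason is required")
    if req.end <= req.start:
        raise ValueError("empty scope window")
    params = (req.user_id, req.start.isoformat(), req.end.isoformat())
    rows = db.execute(TEMPLATES[req.info_type], params).fetchall()
    # After-the-fact accounting: every sensitive lookup leaves a reviewable record.
    db.execute("INSERT INTO access_log VALUES (?, ?, ?, ?, ?, ?, ?)",
               (req.agent, req.info_type, *params, req.reason, len(rows)))
    return rows
```
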