I am working on a consumer IoT product and we’re using a two-legged authentication architecture. We create customer accounts on our backend and accompanying Particle shadow customer accounts at the same time. When a user logs in to our app, we provide them with a Particle token, and that is how they communicate with their device.
We want to implement a feature that allows multiple users to share a device. At the moment, the idea would be to share a single Particle Shadow customer account with multiple users. The issue with that approach is that all users would have the same privilege level because they are all using the same token. Ideally for our feature we would like to have a single product owner and other users would be considered guests.
I was hoping to get some insight into best practices for authentication for multiple users and device relationships.