I am working on a corporate internal web app where users are automatically signed in if they are on the VPN (to avoid handling/requesting their password in our app) via SSO. One users are signed in I have built in functionality using nodemailer so that users can send emails. However, at the moment I have hardcoded a random email and password account I made up for testing. I am trying to find the best way to allow users to send the email through nodemailer without having to provide their password (because they have already signed into the VPN). Ideally I don't want to handle the passwords at all as I would run into privacy issues and have to maybe deal with encryption.
Is it possible to use nodemailer side-stepping the password auth? I have the user's email account the moment they sign into the account using SSO/VPN.
If not is there something that works just like nodemailer where I dont have to provide the password?
If not to both of those, what would be the best way to incorporate the corporate SMTP and nodemailer without having to request the user's password to feed nodemailer?
I'm not very familiar with SMTP at all..
Thanks