Our proposed solution to identify an app user when opening a website operated by app developer is:
Apps sends a request to backed with app users auth header Backend fetches a generated authenticated url from website backend, based on users auth header App opens it in browser
The browser journey is self contained within domain of the business.
Would this interaction require an ATT request given that the users identity cannot be tracked back to the app user ?
Thanks