How a third party service could delegate permissions to client application on a given information system

Question

As a company that wants to offer access to its services to third party known clients, I try to design an authentication/permission system. Here are our needs:

• A