Make a sub-application where only a subset of users can log in


I want to make a separate application that connects to the main application via DDP. This part is fairly easy.

Settings.setDefault('public.remoteUrl', 'http://localhost:4000');
Meteor.remote = DDP.connect(Meteor.settings.public.remoteUrl);
Accounts.connection = Meteor.remote;
Meteor.users = new Mongo.Collection('users', { connection: Meteor.remote });

Now I can login. However, what I want is for only those with the role of ‘internal’ in the Roles.GLOBAL_GROUP to be able to log in via this application.

On my main application, I imagine that I need to do something like as follows:

Accounts.validateLoginAttempt(function (user, attempt) {
  // ???

How can I validate across different applications?