Google provides two types of tokens access_token and id_token. I believe kinvey only parses and stores access_token which would be a temporary token but do you also store id_token which is a JWT token ? Also, if a user has to send the token to the application business logic do you encourage them to use access_token or provide any privilege to send the access_token ?
Thank you !
Thanks for getting back to me Pranav. I believe the bearer_token or the id_token is only to access the google resources without signing on, but the access_token is something that can be validated with valid keys and it has the complete information of the user as it is a JWT token. If a user has integrated with kinvey for authentication and the same user wants to access the third party servers with Google's Identity then to validate it, an access_token should be required.
You made the following statement...
"If a user has integrated with kinvey for authentication and the same user wants to access the third party servers with Google's Identity then to validate it, an access_token should be required."
Can you describe the detailed use case of how this user will be accessing the third party servers? Are the requirements that you want the application to directly authenticate with and sent requests to the third party servers directly?
I think providing a few more details about how you expect your use case to work would be helpful.
Are you actually building an app at this time. If so, what is the application ID or the environment KID?
We look forward to hearing back from you.