over 9 years ago
Normally, the username should ONLY be equal to the appKey when the master secret was used to login. Otherwise, the request.username should be the authenticated username. If this is not the case, then maybe something is wrong.
How are you seeing this "request.username" equal to the App Key? When testing from a device or webpage after a user has logged in? If so - something is definitely wrong.
If you are only seeing it when testing from the Kinvey API Console, this is normal.
How can I get the actual username of the requesting user (from the authorization header)?