What is the recommended auth flow to store the grant_id?

alienator · July 12, 2024, 1:30pm

I am using the Scheduler and Email APIs and will have my users authenticate using Google Sign-in, but I am not sure what would be the best auth flow for this.

Currently I am going for the following:

User logs in through Google and provides calendar and email access.
Token is provided and we exchange for the grant_id.
Store the grant_id in the DB
Use the stored grant_id for providing the scheduling interface and using it to send emails.

Is this an okay flow or does the Nylas team recommend a different approach?

Blag · July 12, 2024, 3:13pm

Hello @alienator that should be fine, we use the email as the grant_id so while the grant is valid, you only need the email. Keeping it on the DB is fine as long as your API KEY is secured enough, as you need the combination of both to get access to the email and calendar.

alienator · July 12, 2024, 3:45pm

Thank you @Blag! I appreciate all the help.

Topic		Replies	Views
Bypassing Repeated Auth in Scheduler Question and Answers	3	34	October 19, 2024
Regarding auth flow of email and scheduler Question and Answers authentication , scheduler	21	197	October 19, 2024
Scheduler UI component redirect_uri Question and Answers authentication	1	31	August 8, 2024
Nylas authentication workflows Question and Answers authentication	0	23	October 28, 2024
Invalid_grant error Question and Answers email-api , authentication	3	301	April 12, 2024

What is the recommended auth flow to store the grant_id?

Related topics