I'm trying to authenticate a user in my Android app using Google's identitytoolkit. The identitytoolkit is in use and provided by a third-party app.
Legally speaking, we're not allowed to get the user's e-mail and password. Otherwise I could make the call below:

    POST https://identitytoolkit.googleapis.com/v1/accounts:signInWithPassword?key={MY_SECRET_KEY}

    {
      "returnSecureToken": true,
      "email": "[email protected]",
      "password": "MY_PASSWORD"
    }

And it would return the JWT bearer token. We need some redirect URI that shows a webview into which the user can fill in the e-mail and password. How does this work? Or what are the best practices for this?