Hello, i’m confused. It seems that we can’t use client id of the same app used for Native app. There are different settings as i understand, there is even a dropbox which states a type of the app.
So we end up with two different client apps and we have one api for both web and native apps.
The question is:
How do we handle this on api side?
We will have two signed tokens coming into our api.
We will have to do two verification attempts on incoming JWT, one for web app and second for flutter app to identify which one is it, possibly we can use custom header to identify whether it is web/browser or native device/flutter app and use proper secrets for JWT sign verification.
Maybe there is another way to avoid backend api changes and to be able to verify incoming JWT from both web and native device?
Another questions is related to created users via management api, those users created via it, will be available for login on native device as well? By logic, they should be available, because we are allowing to use the same DB in settings of native app. Is that correct?