I’ve currently set up lock to sign up/log in with a user, then I’ll return the result, which contains the authtoken and the idtoken. As I understand, the authtoken is used for further API calls (?), whereas the idtoken is used to identify the user.
What I’m not exactly sure is whether you should use the JWT to create a new user. We’re using a custom API call to create a user but I’m not sure if we should use the idtoken for the id? I guess the JWT changes all the time a new auth happens, so the idtoken should be used in which cases? Only to verify whether the token is still valid? Or should the authtoken be used for that?
Sorry, I’m new to authentication and passing tokens, etc.