So I’m using google signin with through expo and it seems to be working fine on the client side. Now I want to talk to my api and setup a user account. The API uses googles api library to do verification of the token id, but it needs the client_id of the client to do it.
My first thought was to pass the client_id with the request but also white-list client_id’s on the server but, I’m wondering if there’s a best practice is for this scenario. Especially regarding security.