I’m building a custom app for Airtable. The app interacts with my web service via REST API calls.
I’d like those API calls to be authenticated. In other platforms, the integration layer has a function you can call to get a cryptographically signed document that contains the user’s account information. For example, as a Google Sheets add-on, you can call ScriptApp.getIdentityToken to get an OpenID Connect token with the user’s information.
Airtable almost has this – the useSession hook returns the current user’s ID and email address.
However, they are returned just as plain strings. This is not sufficient for authenticating the user, because anyone could claim to be a user just by knowing their email address or Airtable user ID.
Would Airtable consider exposing something where there’s a cryptographically verifiable way of retrieving the user’s identity? For example, an OpenID token, or an OAuth flow?
As it stands, I have to implement my own user storage system, and require the user to create an account and log in. This is frustrating/confusing for the user, as they’ve already logged into an account–their Airtable account.
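An added example, not part of the original post and not Airtable code: a Node.js sketch of the difference the post describes, with a backend that trusts plain ID/email strings beside one that verifies a signed identity token. The RS256 JWT format, the locally generated key pair, the claim names and the audience URL are assumptions for illustration; the post is asking for such a token, so none of this is an existing Airtable API.

```javascript
const crypto = require("crypto");

// Constructed stand-in for the platform's signing key. A real service would
// hold only the issuer's public key (for example, fetched from its JWKS endpoint).
const { publicKey, privateKey } = crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
const b64u = (v) => Buffer.from(v).toString("base64url");

// Hypothetical issuer side: what a signed identity token could look like.
function issueToken(claims, key = privateKey) {
  const head = b64u(JSON.stringify({ alg: "RS256", typ: "JWT" }));
  const body = b64u(JSON.stringify(claims));
  const sig = crypto.sign("sha256", Buffer.from(`${head}.${body}`), key);
  return `${head}.${body}.${sig.toString("base64url")}`;
}

// Insecure: accepts whatever ID and email the client sends (the situation in the post).
function identifyFromPlainStrings(req) {
  return { userId: req.userId, email: req.email };
}

// Checks algorithm, signature, audience and expiry before trusting any claim.
function identifyFromToken(token, audience, now = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split(".");
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  try {
    const header = JSON.parse(Buffer.from(head, "base64url").toString());
    if (header.alg !== "RS256") return null; // pin the algorithm, never trust the header's choice
    const signed = Buffer.from(`${head}.${body}`);
    if (!crypto.verify("sha256", signed, publicKey, Buffer.from(sig, "base64url"))) return null;
    const claims = JSON.parse(Buffer.from(body, "base64url").toString());
    if (claims.aud !== audience) return null; // token minted for a different service
    if (typeof claims.exp !== "number" || claims.exp <= now) return null; // expired or missing expiry
    return { userId: claims.sub, email: claims.email };
  } catch {
    return null; // malformed base64 or JSON
  }
}
```

The audience check matters as much as the signature: without it, a token the same issuer minted for some other app would be accepted here.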