Confirming User Identity
After your service has authenticated and received a response from the Login dialog, perform a check to ensure the
logged in user is the same user who originally began the login process.
The OAuth flow involves browser redirection to URLs containing parameters capable of being altered for
potentially malicious purposes.
In order to ensure your app doesn't use incorrect fragments or parameters,
your app should confirm the identity of the user before generating an access token for them. Confirming identity can
be accomplished in different ways based on the
|code:||Exchange code for an access token using an endpoint that can make this confirmation
|token:||Make an API call to an inspection endpoint that will indicate who the token was generated for and
by which app
LaunchKey links to user contributed code as a resource to its community. LaunchKey does not in any way
guarantee or warrant the quality and security of these code bases. User contributed code is supported by the
creators. If you do find a link from the site to user contributed code that is malicious or inappropriate in any
way, please report that link to LaunchKey immediately and we will investigate the claim. Submit any issue to
LaunchKey support at https://launchkey.com./support.