In this meeting of the State Changers, the team discussed various technical aspects and problem-solving strategies related to their project. The chief focus was on Google service accounts, with a participant encountering a 400 error due to uncertainty about setting the right scopes for the project.
The primary tool under discussion was Xano, which was being used for the service account. A snippet from Xano had no defined scopes, leading to the confusion. The meeting involved a deep exploration of the differences between identity tokens and access tokens, stressing the importance of defining clear permissions for the latter. The meeting attendees related scopes to job delegation: just as someone is assigned a job with certain permissions, so too does an access token have defined scopes. The central question was what authorization the "robot" has, i.e., what it has permissions to execute. The specific application under focus was Firebase cloud messaging API. It was being used for managing push notifications. One participant discussed the process of setting up a client using client credentials flow to acquire an access token. They had already accepted permissions through the phone and were now trying to secure an access token that gives them permission to use the API for sending out push notifications. By the end of the meeting, they had successfully set up the scope, but were yet to decide what to do next. Other tools like Adalo were also mentioned, but the discussion on them was brief. Overall, the meeting served as a platform for brainstorming solutions to technical issues that the team faced during their work, with a particular emphasis on permissions, scopes, and service accounts in Xano and Google service accounts.
(Source: Office Hours 3/28 PM )
