Maybe I am missing something, but I have no idea how to pass an authenticated user record from the authenticator to the back end. Basically I am using a simple CRA authenticator that does a look up in a table for a matching client ID and then ensures the client has a matching key. Later I make an RPC call that goes to the back end and the database needs to be updated with the client’s user record.
Since I cannot trust the parameters the phone sends me, the only secure way to do this is to access the authenticated credentials as checked by the authenticator but I have no idea how to access this from the back end. Please help, thanks.