Use googleoauth2 instead of integration/API credentials
I'm pretty new to this and at the moment I'm writing an app with Google App Maker for handing in travel expenses.
Currently the user sends an mail with an attached receipt to [email protected] and Expensify does the rest of the job. However this means that the user usually has to correct the created expense. The new app shall avoid this issue by making an explicit API call.
Right now I'm wondering about the security concept regarding the credentials.
One solution might be to store the (encrypted) user credentials (or the ones of an Domain Admin whose in charge to create expenses on behalf of the user) somewhere in the app/database but this could become really messy.
The easiest solution for me would be to use Google OAuth/SSO. To use the app the user is singing in with their Google account anyways so I wouldn't have to bother with the security issues then. And as mentioned before the Google account is linked the user's Expensify profile already.
So long story short; is there a way to use the Google credentials instead of the integration/API credentials?
And otherwise do you have any best practice advice for handling/storing the Expensify credentials?
Thanks in advance