Is this possible?

Is this possible?

I want to submit a feature request, but I am not sure if it is even possible.

1 I want to create a Catalyst based web app where the user logs in using their Zoho credentials.

2 After logging in, they will upload a service account JSON file for a Google API such as Dialogflow ES. The service account JSON file (and the secret key inside) will not be directly visible to my app. But it should be saved using a unique name which is provided by my app.

3 Zoho Catalyst manages the auth completely (safely storing access and refresh tokens), and just hands me the specific access token for the API on demand whenever I ask for an access token for this uniquely-name-service-account. ZC, behind the scenes, will generate this access token by using the credentials stored inside the service account JSON file.

4 This removes me (the developer) from the picture and Zoho becomes entirely responsible for keeping the API secret safe.

By the way, service accounts are different from the OAuth flow where a user gives an app the permission to access their (say) Google Drive. In that case, you can get a single-use access token valid for 60 minutes, and force the user to reauthenticate if the session exceeds 60 minutes.

Here I am talking about a scenario where, say, I host someone's Dialogflow bot backend within my app. Google calls them server-to-server applications. I could still do this by asking the user to authenticate, getting the refresh and access tokens, and then storing the refresh token in my DB. Problem is, now I become responsible for keeping this refresh token secure. I want to know if there is a service to which I can outsource this.

By the way, technically, Zoho is already doing this when you allow a user to integrate Zoho SalesIQ with their Dialogflow ES chatbot. You are already storing the refresh token, which is used to generate a new access token each time the bot responds to the user message. I just want this same functionality available as an external service. :-)

Is something like this even possible?

      Catalyst Community