I am trying to create a service which should have access to a certain section of the user’s profile, even when the user is not logged in. This section is created by my app and user granted me access. Now I need the following scenario:
- The user has full control over his data
- My service should read this data once per day (without the user logged in)
- My service should be fully transparent and guarantee I do not store the user data anyhow. I just have permission to read it from profile and user can deny access at any moment.
Is this possible? what to read? As I understood, the access to profile is granted through the private key which is then stored in app domain and should not be sent to any service as this could violate the security.