Login with Google Not Authenticated on iOS App

Disclosed: 2017-05-21 07:20:06 By bhavukjain1 To instacart
Low
Vulnerability Details
In your iOS application, there is Login with Google. In this, you're not authenticating a user properly and it can lead to access to user accounts.

Affected API: https://www.instacart.com/api/v2/users/google_login_auth

In this request, these are the parameters: access_token, client_id, id_token, login_only, read_terms. In the parameter id_token, you're passing the token generated by Google user authentication. But the token generated is not properly authenticated at your backend. You're not authenticating if the token is generated by your app or not.

For example, I logged in with the app Meetup via login with Google. The id_token generated by Google for this app, when used with your /google_login_auth API, still gets accepted. This means an app like Meetup can access the user accounts of your users using the id_token generated by Meetup. This can compromise your users' accounts.

The proper way of authenticating the user is mentioned here: https://developers.google.com/identity/sign-in/web/backend-auth#verify-the-integrity-of-the-id-token
Report Stats
  • Report ID: 202177
  • State: Closed
  • Substate: resolved
  • Upvotes: 12
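The missing backend check described in the report, as an added example (not from the original report and not Instacart's code): after the token's signature has been verified against Google's published keys, which this sketch assumes has already happened, the server must still confirm the `aud` claim is its own client ID. The client IDs, function names and sample tokens are constructed for illustration.

```python
import base64, json, time

# Assumption: constructed client IDs; "1111-ourapp" stands for our app,
# "2222-otherapp" (used below) for some unrelated app using Google sign-in.
OUR_CLIENT_IDS = {"1111-ourapp.apps.googleusercontent.com"}
GOOGLE_ISSUERS = {"accounts.google.com", "https://accounts.google.com"}

class TokenRejected(Exception):
    pass

def decode_payload(id_token):
    """Decode the claims segment; the signature is assumed already verified."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise TokenRejected("not a three-part JWT")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    try:
        claims = json.loads(base64.urlsafe_b64decode(seg))
    except ValueError as exc:
        raise TokenRejected("payload is not base64url JSON") from exc
    if not isinstance(claims, dict):
        raise TokenRejected("payload is not a JSON object")
    return claims

def check_claims(claims, now=None):
    """Return the Google user id (sub) only if the token was issued to us."""
    iss, aud, exp, sub = (claims.get(k) for k in ("iss", "aud", "exp", "sub"))
    if not isinstance(iss, str) or iss not in GOOGLE_ISSUERS:
        raise TokenRejected("unexpected issuer")
    if not isinstance(aud, str) or aud not in OUR_CLIENT_IDS:
        raise TokenRejected("token was issued to a different app")
    if not isinstance(exp, (int, float)) or exp <= (now or time.time()):
        raise TokenRejected("token expired")
    if not isinstance(sub, str) or not sub:
        raise TokenRejected("missing subject")
    return sub

def make_sample_token(aud):
    """Constructed, unsigned sample token for the demo (not a real Google token)."""
    body = {"iss": "https://accounts.google.com", "aud": aud,
            "sub": "1234567890", "exp": 2_000_000_000}
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256"}), enc(body), "c2ln"])

if __name__ == "__main__":
    for aud in (*OUR_CLIENT_IDS, "2222-otherapp.apps.googleusercontent.com"):
        try:
            print(aud, "->", check_claims(decode_payload(make_sample_token(aud)), now=1_500_000_000))
        except TokenRejected as err:
            print(aud, "-> rejected:", err)
```

The second sample token is a well-formed Google token for the same user, and it is rejected only because of the audience comparison.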