oidc-client-ts
oidc-client-ts copied to clipboard
Published
20 hours ago •
authts
authts
Configure "client_secret" without exposing it
How can one configure "client_secret" without exposing it to the browser?
As I understand I need a "window" to call signinRedirect and signinCallback methods.
Thank you.
when you run this library within the browser its not possible to hide/not expose the client_secret, thus do not use that, use the code flow with PKCE! When your code is running on the mobile app or desktop app, then its a different story...
