vimeo.js icon indicating copy to clipboard operation
vimeo.js copied to clipboard
verified publisher icon vimeo

Client Secret Keys are exposed on client side

Open johnnyperdomo opened this issue 5 years ago • 2 comments

Is there a way to generate a temporary access token to give grant access to api for a limited time? Like a presigned url that awsS3 provides?

I need to be able to upload videos from my application with the client sdk, but don't want to risk exposing my secret keys. Is there a solution for this?

johnnyperdomo avatar Nov 18 '20 02:11 johnnyperdomo

Maybe with setAccessToken (https://github.com/vimeo/vimeo.js/blob/master/lib/vimeo.js#L282) you can edit the token obtain from server side

Virako avatar Nov 23 '20 08:11 Virako

Curious if you ever found a solution for this? I'm running into the same issue.

unicornsoftwareinc avatar Jan 23 '21 21:01 unicornsoftwareinc