ngx-security-starter

client_id and client_secret into SPA code

Open davelip opened this issue 5 years ago • 1 comments

Hi, do you think that sharing the client_id and the client_secret with a public client (the user's browser over the internet) in your SPA code is a good idea (for security)?

Some related articles:

  • https://tools.ietf.org/html/draft-parecki-oauth-browser-based-apps-02#section-9
  • https://stackoverflow.com/questions/50848892/how-to-use-laravel-passport-with-password-grant-tokens
  • https://github.com/fullstackreact/react-native-oauth/issues/170

Tnx

davelip avatar Apr 09 '19 12:04 davelip

Hello,

Thank you for your interest in my package. Yes, I totally agree with you. This is just a first or beta version of this package. I have plans to store the client_secret in the database and link it with the user_id, then create a function that receives only the client_id, the username and the password, retrieves the client_secret related to this user (based on username + password), and then creates a request with the retrieved client_secret.

But it's just an idea, I am always searching for the best way to do it.

Thanks again for these links, they are very helpful, and don't hesitate to suggest how I can perform this system.

Best regards, Hatim

heloufir avatar Apr 09 '19 14:04 heloufir
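
A check for the problem raised in this issue, as an added example that is not part of the thread or of the package's code: it scans the text of a built SPA bundle for a literal OAuth client_secret, whether assigned in a config object or concatenated into a token-request body. The function name `scanBundle`, the file name `main.js` and the sample bundle are assumptions constructed for illustration.

```javascript
// Added example: find OAuth client secrets that ended up in browser-delivered code.
// Anything matched here is readable by every visitor, so it is not a secret.

// key: "literal" or key = 'literal' (object literals, JSON, assignments).
const QUOTED = /(["']?)(?<key>client[_-]?secret)\1\s*[:=]\s*(["'`])(?<value>[^"'`\s]{8,})\3/gi;
// client_secret=literal inside a form-encoded body or query string.
const FORM = /(?<key>client[_-]?secret)=(?<value>[A-Za-z0-9._~-]{8,})/gi;

// Never echo the full value into CI logs; show a short prefix and the length.
function redact(value) {
  return value.slice(0, 4) + '...(' + value.length + ' chars)';
}

// Returns one finding per literal secret, with line and column so that
// minified single-line bundles can still be located.
function scanBundle(source, file) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const re of [QUOTED, FORM]) {
      for (const m of text.matchAll(re)) {
        findings.push({
          file,
          line: i + 1,
          column: m.index + 1,
          key: m.groups.key,
          preview: redact(m.groups.value),
        });
      }
    }
  });
  return findings;
}

// Constructed sample: what an Angular environment object and a password-grant
// request body can look like after bundling. All values are placeholders.
const SAMPLE_BUNDLE = [
  'var environment = {',
  '  production: true,',
  '  api_url: "https://api.example.test",',
  '  client_id: 2,',
  '  client_secret: "CONSTRUCTED-not-a-real-secret-0001"',
  '};',
  'var body = "grant_type=password&client_id=2&client_secret=CONSTRUCTED0002&username=" + u;',
  'var safe = { client_id: 2, grant_type: "password" };',
].join('\n');

for (const f of scanBundle(SAMPLE_BUNDLE, 'main.js')) {
  console.log(`${f.file}:${f.line}:${f.column} ${f.key} = ${f.preview}`);
}
```

Run against the files in the build output directory as a CI step and fail the build when the returned array is non-empty.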