Thanks! It's an additional layer of security. Without it, you ... • Aaron Parecki

47°F

Jonathan Yee https://github.com/jonyeezs • Feb 21
Hi @aaronpk, "oauth-2-simplified" is a breath of fresh air when there are so many ways to do auth. This really simplifies it. I do have a question: Why would i still want to provide my client_secret for server-side when i can do without it to authenticate?

Thanks! It's an additional layer of security. Without it, you need to use additional techniques such as strict redirect URL validation and even PKCE to compensate.

Portland, Oregon, USA

Wed, Feb 21, 2018 8:03pm -08:00

Have you written a response to this? Let me know the URL:

Posted in /replies using quill.p3k.io