Generally yes. You could ask the user to get their own API keys ... • Aaron Parecki

67°F

Джейк https://twitter.com/jakerobinson • Dec 10
Is it impossible to do an open-source CLI tool that connects to an OAuth2 API without either exposing the app key or hosting a service just to do key exchange stuff?

Generally yes. You could ask the user to get their own API keys though. You could also register the app as a "public client" so that you never get a secret, then it's okay to put the client_id in the app. (Only some APIs let you do this tho)

Redmond, Washington, USA • 44°F

Mon, Dec 10, 2018 9:27am -08:00

1 like 1 reply
- Trenton Lipscomb
Have you written a response to this? Let me know the URL:
- Джейк twitter.com/jakerobinson
  
  The best I’ve come up with is to do an AWS Lambda function to host the app key and do the handshake.
  
  Mon, Dec 10, 2018 6:09pm +00:00 (via brid-gy.appspot.com)

Posted in /replies using quill.p3k.io