Not totally sure the context of this, but have you at least ... • Aaron Parecki

86°F

Arend-Jan Kauffmann https://twitter.com/ajkauffmann • Jan 25
It started with writing a blog post about OAuth authentication flow. But hiding the client secret was something I wanted to solve first. But you know what? I just found a way to work without a secret. And 100% secure! New blog posts and code will be online soon (=next week)

Not totally sure the context of this, but have you at least read the OAuth docs around this exact problem?

https://tools.ietf.org/html/rfc6819#section-5.3.1

That's the reason OAuth uses a different flow for native apps and SPAs. I'll be curious to see your blog post!

Portland, Oregon, USA

Sat, Jan 25, 2020 8:35am -08:00

2 likes 1 reply
Have you written a response to this? Let me know the URL:
- Arend-Jan Kauffmann twitter.com/ajkauffmann
  
  Yes, I'm aware. Whatever secret there is, it will be stored in isolated storage, only available for the code. The context is that I can't ship a secret with the app package. Which is similar to native and mobile apps.
  
  Sat, Jan 25, 2020 6:21pm +00:00 (via brid-gy.appspot.com)

Posted in /replies using quill.p3k.io