client secret in OAuth 2.0
I had the same question as question 1 here, and did some research myself recently, and my conclusion is that it is OK not to keep the “client secret” a secret. The type of client that does not keep the client secret confidential is called a “public client” in the OAuth2 spec. The possibility of someone …