Hi @aaronpk, "oauth-2-simplified" is a breath of fresh air when there are so many ways to do auth. This really simplifies it. I do have a question: Why would i still want to provide my client_secret for server-side when i can do without it to authenticate?
1
@heyjonyee Thanks! It's an additional layer of security. Without it, you need to use additional techniques such as strict redirect URL validation and even PKCE to compensate.
Feb 22, 2018 · 4:03 AM UTC