OAuth Configuration in angular application #6209


nguyenngoc.son created

Hi, right now the OAuth configuration values for issuer, clientId, client secret and scope are stored in the environment.ts file. However, because of the security concern, we cannot store this information in the JavaScript files. So can we store them in the API and return them to the client application so it can use them? If we can, could you provide a sample that we can follow?


3 Answer(s)
  • maliming created
    Support Team Fullstack Developer

    Hi

    You can remove the client_secret from the application/client.

    Your Angular client should be a public application.

    https://auth0.com/docs/get-started/applications/confidential-and-public-applications

  • nguyenngoc.son created

    So in the OAuth config section, we have the following information: issuer, clientId, dummyClientSecret, scope, showDebugInformation, oidc, requireHttps. Which one can be removed?

  • maliming created
    Support Team Fullstack Developer

    Remove dummyClientSecret in Angular and unset the secret of the client.
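
A build-time check for the advice in this thread, added here as an example and not code from ABP or from the posters: it flags secret-like keys in an Angular OAuth config object and produces the public-client form. The field names are those quoted in the thread; the helper names and every value are constructed assumptions.

```typescript
// Shape of the OAuth config section, using the field names quoted in the thread.
type OAuthConfig = {
  issuer: string;
  clientId: string;
  dummyClientSecret?: string;
  scope: string;
  showDebugInformation?: boolean;
  oidc?: boolean;
  requireHttps?: boolean;
};

// Any key containing "secret" is treated as something a browser bundle must not carry.
const SECRET_KEY_PATTERN = /secret/i;

// Returns the names of secret-like keys that hold a non-empty value.
function findShippedSecrets(config: Record<string, unknown>): string[] {
  return Object.keys(config).filter((key) => {
    const value = config[key];
    return SECRET_KEY_PATTERN.test(key) && value !== undefined && value !== null && value !== '';
  });
}

// Returns a copy of the config with secret-like keys dropped (the public-client form).
function toPublicClientConfig(config: OAuthConfig): OAuthConfig {
  const source: Record<string, unknown> = config;
  const cleaned: Record<string, unknown> = {};
  for (const key of Object.keys(source)) {
    if (!SECRET_KEY_PATTERN.test(key)) {
      cleaned[key] = source[key];
    }
  }
  return cleaned as unknown as OAuthConfig;
}

// Constructed sample resembling an environment.ts oAuthConfig; all values are placeholders.
const shippedConfig: OAuthConfig = {
  issuer: 'https://auth.example.test/',
  clientId: 'ExampleApp_Angular',
  dummyClientSecret: 'constructed-placeholder-secret',
  scope: 'offline_access ExampleApp',
  showDebugInformation: true,
  oidc: true,
  requireHttps: true,
};

const publicConfig = toPublicClientConfig(shippedConfig);
console.log('secret keys before:', findShippedSecrets(shippedConfig));
console.log('secret keys after:', findShippedSecrets(publicConfig));
```

This covers only the Angular side; the client's secret still has to be unset on the authorization server, as the answer says.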

Made with ❤️ on ABP v8.2.0-preview Updated on March 25, 2024, 15:11