Open Closed

OAuth Configuration in angular application #6209


User avatar
0
nguyenngoc.son created

Hi, Right now the OAuth configuration for issuer, clientId, client secret, scope are stored in environment.ts file. However with the security concern, we can not store those information in the javascript files. So can we store them in the API and return it to the client application so it can use? If we can then can you provided the sample so that we can follow it.


3 Answer(s)
  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    hi

    You can remove the client_secret from the application/client.

    Your angular client should be a public application.

    https://auth0.com/docs/get-started/applications/confidential-and-public-applications

  • User Avatar
    0
    nguyenngoc.son created

    so in the OAuth Config section, we have those below information: issuer, clientId, dummyClientSecret, scope, showDebugInformation, oidc, requireHttps which one can be removed?

  • User Avatar
    0
    maliming created
    Support Team Fullstack Developer

    Remove dummyClientSecret in angular And unset the secret of the client.

Made with ❤️ on ABP v9.1.0-preview. Updated on December 13, 2024, 06:09