Hi all,
When using a public client that has no client secret and uses Appauth.io, what should not be kept in source control? Especially if you want to release the app under an open source license in a public git repository?
Thanks,
Gavin.
Can’t really answer that because I’ve never used AppAuth but my best guess would be to check their website/docs for guidance. Generally, you don’t want the Client Secret in code that runs on untrusted devices.
1 Like
Thanks. It’s a public client that has no secret.