#44 front end JavaScript library with key obfuscated
Showing 3 changed files with 9 additions and 9 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,8 +1,8 @@ | ||
=== Docker COPY and WORKDIR | ||
|
||
When we start new project usually we are focus on new feature implementation than on security aspect. | ||
Sometimes Single Page Application or mobile application need to access information for themselves rather than on behalf of a user. | ||
For this purpose OAuth provides the `client_credentials` flow to get access token. | ||
In such situation it's easy to store client secrets in front-end or mobile application code. | ||
When we start a new project usually we are focused on new feature implementation than on the security aspect. | ||
Sometimes Single-Page apps or mobile apps need to access information for themselves rather than on behalf of a user. | ||
For this purpose, OAuth provides the `client_credentials` flow to get access token. | ||
In such a situation, it's easy to store client secrets in front-end or mobile application code. | ||
|
||
What about looking for it in the Development Tools in browser? | ||
What about looking for it in the Development Tools in the browser? |
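Review bot: The unchanged heading `=== Docker COPY and WORKDIR` at the top of this hunk does not match the paragraph under it, which is about the OAuth `client_credentials` flow and client secrets in front-end code; retitle the section (or move the paragraph) so the rendered document and its table of contents are not misleading. The rewritten first sentence is still missing its comparative: it should read "usually we are more focused on new feature implementation than on the security aspect", and "to get access token" should be "to get an access token". Since the commit message says the key in the front-end library is obfuscated, the paragraph would be clearer if it stated plainly that obfuscating a client secret in shipped JavaScript does not protect it: the browser has to decode and send the value, which is exactly why the following line can point the reader at the Development Tools to find it.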
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,4 +1,4 @@ | ||
*Why using Single-Page Application or Mobile application to put client secret in is a bad idea* | ||
*Why using Single-Page apps or Mobile apps to put client secret in is a bad idea* | ||
|
||
As you can tell by now, you can easily detect any secret that stored within a Single Page Application or Mobile application. | ||
To prevent such situation Authorization Code Flow with Proof Key for Code Exchange (PKCE) is used. | ||
As you can tell by now, you can easily detect any secret that is stored within a Single-Page app or mobile app. | ||
To prevent such a situation Authorization Code Flow with Proof Key for Code Exchange (PKCE) is used. |
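Review bot: The rewritten title `*Why using Single-Page apps or Mobile apps to put client secret in is a bad idea*` is still hard to parse; suggest `*Why putting a client secret in a Single-Page app or mobile app is a bad idea*`. The last line needs a comma and an article: "To prevent such a situation, the Authorization Code Flow with Proof Key for Code Exchange (PKCE) is used." It would also help to say in one sentence why PKCE prevents it: a public client (an SPA or mobile app) completes the authorization code flow with a per-request code verifier instead of a stored client secret, so there is no long-lived secret left in the shipped code for anyone to find. As written, the reader is told the fix without being told what it replaces.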