Should i leak both client_id and client_secret in the frontend or should i route my api calls through my own server (also create and generate access tokens through my own server) to hide client_secret?

Should i leak both client_id and client_secret in the frontend or should i route my api calls through my own server (also create and generate access tokens through my own server) to hide client_secret?

@shivamg2 , you should never leak your client_id and client_secret . Routing it through your own server is a better idea.

1 Like