Authenticate User without exposing client_id

Is it possible to gain a user access token without exposing the client_id to the user?
In all of the examples in the API documentation, the client_id is included in either the URL of the authorization page or in meta tags in the rendered html.
In addition to this I suppose it also raises the question … does it matter if the client_id is exposed?

Users being able to see your client_id is not an issue, and is perfectly normal. Your client secret, and any OAuth tokens that your app receives, are private though so you do need to keep them secure.

2 Likes

Well that is good news for me as that is what I have currently implemented.
I suppose that makes sense because you can’t really do anything with just the client_id if you don’t have a user access token or similar.
Thanks.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.