Should Devs Use Their Own Client ID on an Open Source Bot?

Hi, have a bot that I’d like to release on Bitbucket. I have a client ID and secret to create a user access token and access chat. I know chat clients ask the user to provide their own oauth token, but I think that’s the user access token, right? Should a dev that clones my project fill in their own client credentials to create user access tokens?

Dev’s should use their own credentials for the app, as while you could share the Client ID as that’s public you shouldn’t ever share the Client Secret, and no other dev could change the redirect URL, meaning that no other developer can generate OAuth tokens.

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.