Exposing secret on the client side is bad practice #54
Comments
The docs here show where to put the app secret but not where to get it. You can serve the app secret from your server and then connect it with however you manage state.
Yeah, this is a bit of a design flaw in this lib; there should never be an appSecret exposed anywhere on the JS side, memory or no memory. It is working for me with responseType=code and appSecret="completelyrandomNONVALID". Looks like IG does not use it:
I added an option to expose the secret; read the doc here.
Hello, please, can someone here help me get the profile photo of a Facebook account with nodejs, please?
I was looking at using your package, but when I read your code and compare it with the manual it says that you should not share the app_secret client side. It suggests you should use the client side implicit authentication. link
Are you aware of this? This looks like an issue that is resolvable. The implicit authentication does not need the secret.
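Added example, not part of the thread or the library's code: the arrangement the issue asks for, with the app secret held only by the server and the browser forwarding just the `code` from a responseType=code flow. The token URL, environment variable names and function names are placeholders; the form fields are the standard OAuth 2.0 authorization-code parameters.

```javascript
// Added example: server-side authorization-code exchange.
// ASSUMPTIONS: TOKEN_URL, the env var names and all function names are
// hypothetical; substitute the provider's documented token endpoint.
const TOKEN_URL = "https://auth.example.invalid/oauth/access_token"; // placeholder

// Server-only configuration. The secret is read from the server environment
// and never serialized into anything sent to the browser.
function loadServerConfig(env) {
  const { APP_ID, APP_SECRET, REDIRECT_URI } = env;
  if (!APP_ID || !APP_SECRET || !REDIRECT_URI) {
    throw new Error("APP_ID, APP_SECRET and REDIRECT_URI must be set on the server");
  }
  return { appId: APP_ID, appSecret: APP_SECRET, redirectUri: REDIRECT_URI };
}

// The only values that may be shipped in the client bundle.
function publicClientConfig(cfg) {
  return { appId: cfg.appId, redirectUri: cfg.redirectUri, responseType: "code" };
}

// Build the token request from the code the browser forwarded to the server.
function buildTokenRequest(cfg, code) {
  if (typeof code !== "string" || code.length === 0 || code.length > 2048) {
    throw new Error("malformed authorization code");
  }
  const body = new URLSearchParams({
    client_id: cfg.appId,
    client_secret: cfg.appSecret, // attached here, on the server only
    grant_type: "authorization_code",
    redirect_uri: cfg.redirectUri,
    code,
  });
  return {
    url: TOKEN_URL,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Perform the exchange. fetchImpl is injectable so the flow can be tested offline.
async function exchangeCode(cfg, code, fetchImpl = fetch) {
  const { url, ...init } = buildTokenRequest(cfg, code);
  const res = await fetchImpl(url, init);
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  const { access_token } = await res.json();
  if (!access_token) throw new Error("token response had no access_token");
  return { accessToken: access_token }; // return only what the client needs
}
```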