Storing secrets in native app
This sample is a Windows Forms app that stores a client secret in its code. It calls the EmployeeApi using these credentials. The demo shows how easy it is to extract this secret from the executable.
To reproduce this, compile the app and run the strings utility from Windows Sysinternals on the executable. The client secret appears in the output, along with all the other pieces of text stored in the binary.
DO NOT store credentials in native apps! This includes:
- Desktop apps
- Mobile apps
- Single Page apps
- React Native and similar apps
Any app that runs on a device you do not control is a native app. If the API you are calling requires authentication, you must authenticate the user.
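As a release-gate check for the extraction described above, this added example (not part of the original sample) scans a build artifact the way a strings tool does, in both ASCII and UTF-16LE, because .NET stores string literals as UTF-16. The blob, the secret value, the entropy threshold and all function names are constructed for illustration.

```python
import math
import re

MIN_LEN = 8  # shortest printable run worth inspecting
ASCII_RUN = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)

# Constructed sample standing in for a compiled executable. The secret is a
# made-up placeholder, embedded as UTF-16LE like a .NET string literal.
SAMPLE_SECRET = "EXAMPLE-ONLY-s3cr3t-Qx7Lp2Vd9Zk4"
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 12
    + SAMPLE_SECRET.encode("utf-16-le") + b"\x00\x00\xff\xfe"
    + b"System.Windows.Forms\x00"
)


def printable_strings(blob):
    """Yield (offset, encoding, text) for printable runs in both encodings."""
    for m in ASCII_RUN.finditer(blob):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(blob):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")


def shannon_entropy(text):
    """Bits per character; random tokens score higher than identifiers."""
    probs = [text.count(c) / len(text) for c in set(text)]
    return -sum(p * math.log2(p) for p in probs)


def find_embedded_secrets(blob, known_secrets=(), min_entropy=4.0):
    """Return (offset, encoding, reason, text) for every suspicious string."""
    findings = []
    for offset, enc, text in printable_strings(blob):
        if any(secret in text for secret in known_secrets):
            findings.append((offset, enc, "known-secret", text))
        elif len(text) >= 20 and " " not in text and shannon_entropy(text) >= min_entropy:
            findings.append((offset, enc, "high-entropy", text))
    return findings


if __name__ == "__main__":
    hits = find_embedded_secrets(SAMPLE_BLOB, known_secrets=[SAMPLE_SECRET])
    for offset, enc, reason, text in hits:
        print(f"offset {offset:#x} [{enc}] {reason}: {text[:12]}...")
    raise SystemExit(1 if hits else 0)  # non-zero exit fails the build
```

In a pipeline, pass the bytes of the built executable instead of SAMPLE_BLOB. A clean scan only shows that the literal is absent; the fix remains authenticating the user instead of shipping a credential.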