You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The current constructor api has the client secret as a required named parameter, but its actually only used in passwordGrant() and I'm not actually sure if it's even needed there?
It would be a good to remove the client secret from the constructor and only have it passed in as a parameter to passwordGrant() to make it clear to users of this package that it is not a good practise to store the secret in a mobile app nor is it required for most (all?) the end point used by this package.
The text was updated successfully, but these errors were encountered:
Auth0 recommends that the client secret never be stored in a mobile app.
The current constructor api has the client secret as a required named parameter, but its actually only used in
passwordGrant()
and I'm not actually sure if it's even needed there?It would be a good to remove the client secret from the constructor and only have it passed in as a parameter to
passwordGrant()
to make it clear to users of this package that it is not a good practise to store the secret in a mobile app nor is it required for most (all?) the end point used by this package.The text was updated successfully, but these errors were encountered: