Where to Store the ClientID and ClientSecret (OAuth2.0)

  • Question

  • Hello,

    I'm having a weird doubt about OAuth2.0 (maybe I'm wrong). Please correct me if I am wrong.

    I'm going to implement the OAuth Password grant type in my mobile app. So I did some research on the implementation. Finally, I came to some points. To implement such a grant type, I need:

    1. username 
    2. Password
    3. Client-id
    4. Client-secret
    5. Grant_type(Password)

    Here, Client-id and Client-secret are not really needed (since there is no third-party access, only a trusted single party). But still, in order to protect my APIs, I need Client-id and Client-secret. I've created my own Client-id and Client-secret. But how do I store my Client-id and Client-secret here?

    Can I go with storing the Client-id and Client-secret in SQL? Then in my C# code, I actually hard-coded the values and compare against the value from the DB. Is this the correct way to achieve this? Or is there any other better way to handle the client credentials?

    Likewise, in other types of grants (involving third parties like Google, Microsoft, etc.), how are the Client-id and Client-secret handled? Are they just hard-coding the values in the code itself?


    • Edited by Jayendran arumugam Thursday, September 21, 2017 4:28 PM
    • Moved by CoolDadTx Thursday, September 21, 2017 8:28 PM ASP.NET related
    Thursday, September 21, 2017 4:20 PM
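
The server-side comparison the question describes (the client_id and client_secret of a password-grant request checked against a database record), as an added example that is not part of the original post. It assumes .NET 6 or later and that the table keeps a salted PBKDF2 hash instead of the plaintext secret; `ClientRecord`, `ClientStore`, the in-memory dictionary standing in for the SQL table, the iteration count and the sample values are all hypothetical.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;

// Hypothetical row of the clients table: salt and hash only, never the plaintext secret.
public sealed record ClientRecord(string ClientId, byte[] Salt, byte[] SecretHash);

public static class ClientStore
{
    private const int Iterations = 100_000; // assumed work factor, tune for your hardware
    private const int HashBytes = 32;

    // Run once when the client is registered; persist the returned record.
    public static ClientRecord Register(string clientId, string clientSecret)
    {
        byte[] salt = RandomNumberGenerator.GetBytes(16);
        return new ClientRecord(clientId, salt, Derive(clientSecret, salt));
    }

    // Check the client_id / client_secret that arrived with a token request.
    public static bool Verify(IReadOnlyDictionary<string, ClientRecord> table,
                              string clientId, string clientSecret)
    {
        if (string.IsNullOrEmpty(clientId) || clientSecret is null) return false;
        bool known = table.TryGetValue(clientId, out ClientRecord? rec);
        // Unknown client: derive against dummy values anyway so the response
        // time does not reveal which client ids exist.
        byte[] salt = known ? rec!.Salt : new byte[16];
        byte[] expected = known ? rec!.SecretHash : new byte[HashBytes];
        byte[] actual = Derive(clientSecret, salt);
        bool match = CryptographicOperations.FixedTimeEquals(actual, expected);
        return known && match;
    }

    private static byte[] Derive(string secret, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(secret, salt, Iterations, HashAlgorithmName.SHA256, HashBytes);
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample values, not real credentials.
        var table = new Dictionary<string, ClientRecord>
        {
            ["mobile-app"] = ClientStore.Register("mobile-app", "constructed-sample-secret")
        };
        Console.WriteLine(ClientStore.Verify(table, "mobile-app", "constructed-sample-secret"));
        Console.WriteLine(ClientStore.Verify(table, "mobile-app", "wrong-secret"));
        Console.WriteLine(ClientStore.Verify(table, "unknown-app", "constructed-sample-secret"));
    }
}
```

The three calls exercise a valid pair, a wrong secret for a known client, and an unknown client id.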

All replies