Hello,
I'm having a weird doubt about OAuth 2.0 (maybe I'm wrong). Please correct me if I am wrong.
I'm going to implement the OAuth password grant type in my mobile app, so I did some research on the implementation. Finally, I came to some points. To implement this grant type, I need:
- username
- Password
- Client-id
- Client-secret
- Grant_type(Password)
Here the client-id and client-secret are not really needed (since there is no third-party access, only a trusted single party). But still, in order to protect my APIs, I need a client-id and client-secret. I've created my own client-id and client-secret. But here, how do I store my client-id and client-secret?
Can I go with storing the client-id and client-secret in SQL? Then in my C# code, I actually hard-coded the values and compare them against the values from the DB. Is this the correct way to achieve this? Or is there any other better way to handle the client credentials?
Likewise, in other types of grants (involving third parties like Google, Microsoft, etc.), how are the client-id and client-secret handled? Are they just hard-coding the values in the code itself?
JAYENDRAN