How is this component secure? The app secret is required in the component?
princefishthrower opened this issue · 1 comments
princefishthrower commented
Hi all,
I'm wondering how this component / login flow is secure, as it requires the app secret directly as a prop. Shouldn't the app secret be referenced and used only in a server-like environment?
Interested to hear anybody's thoughts on this.
Cheers,
Chris
princefishthrower commented
My bad, I now see the discussion: #54 and the corresponding documentation in the README. However, this should be the default implementation. (app secret should not even be implemented as a prop)