Client secret key is not used in get_user_profile?

Question

Client secret key is not used in get_user_profile?

Opened this issue 2 years ago · 1 comments

Hi!

I was playing around with the get_user_profile example and realized that the client secret key is not used in the authentication process. I thought this was necessary for authentication. Does that mean it's not the case?
Thanks for the help in advance!

Amin

Answer 1 · 2023-08-26T20:25:13.000Z

The get_user_profile example uses the "authorization code with PKCE" method, which you can read about here. It is meant for client side authorization, in situations where the client secret cannot be stored securely. It uses a verification method instead of the client secret