Passing OAuth Client ID directly to react-google-login will expose our credentials #181

AminRafaey · 2020-07-17T12:45:53Z

AminRafaey
Jul 17, 2020

Hello everyone,
Using OAuth 2.0 Client ID directly in the client-side will not expose our credentials? Anyone can go into the console of browser and after getting this id can use it for getting data from google on our behalf

Answered by ThisIsMissEm

Sep 27, 2020

@AminRafaey indeed, you'll want to use a different OAuth 2.0 grant type for browser-based applications, commonly recommended now is the PKCE flow.

But this isn't an npm issue, so shouldn't be here on the npm RFCs discussion board. You can likely find more answers on stackoverflow.

View full answer

ljharb · 2020-07-17T16:20:00Z

ljharb
Jul 17, 2020

Yes, you can’t do oauth from a browser securely.

This isn’t an npm-related question; please close it.

0 replies

ThisIsMissEm · 2020-09-27T22:33:45Z

ThisIsMissEm
Sep 27, 2020

@AminRafaey indeed, you'll want to use a different OAuth 2.0 grant type for browser-based applications, commonly recommended now is the PKCE flow.

But this isn't an npm issue, so shouldn't be here on the npm RFCs discussion board. You can likely find more answers on stackoverflow.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Passing OAuth Client ID directly to react-google-login will expose our credentials #181

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

Passing OAuth Client ID directly to react-google-login will expose our credentials #181

AminRafaey Jul 17, 2020

Replies: 2 comments

ljharb Jul 17, 2020

ThisIsMissEm Sep 27, 2020

AminRafaey
Jul 17, 2020

ljharb
Jul 17, 2020

ThisIsMissEm
Sep 27, 2020