shreemaan-abhishek commented on issue #10498: URL: https://github.com/apache/apisix/issues/10498#issuecomment-1813892180
I am not sure what you mean but AFAIK, but you do not need to include the `client_secret` in a mobile/web client, in fact the `client_secret` is provided by the OIDC provider which is then configured into the plugin. During the request, the client should carry a credential given by the OIDC provider (ex: a bearer token) which is then used to authenticate the request. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
