Oauth2 Client_secret on frontend is always a security issue

[kadary]

Hello,

You asked to fill an issue if we think the Oauth2 app *client_secret is security risk in frontend.

Just to let you know that your client secret can be use to manipulate other GitHub resources using other mechanism than Oauth2 authorization_code flow.
They can be use in GitHub authorization APIs to gain informations about your end-user for example (https://developer.github.com/v3/oauth_authorizations/).

[szabolcs-szilagyi]

Hello @kadary,

I've been thinking about the same when reading about client_secret to be used on the front-end. After reading your ticket about it the thing that made it even more funnier that we even think alike with our profile pictures. 😆

[GerkinDev]

Well, when I saw this, I jumped out from my seat. I expected some kind of hashing or something to hide it.

So, I've moved to https://utteranc.es/, which does not have this security issue.

[sariabiha]

https://advance-esthetic.us/rf-facial-machines