Help Wizard

Step 1

NEXT STEP

No Client Secret Needed?

No Client Secret Needed?

I am currently working on a web app using the spotify api. I am accessing the api via spotify-web-api-ts-sdk which can be found here https://github.com/spotify/spotify-web-api-ts-sdk/


When creating an sdk object, we can use the function withUserAuthorization providing a cliendId, redirectUri scopes and optional config. I have noticed that this does NOT actually ask for a client secret. Which, knowing that the client id can, and IS, public as can be seen here: https://community.spotify.com/t5/Spotify-for-Developers/Do-i-have-to-keep-the-Client-ID-secret/td-p/...

 

My question is, what keeps non authorized people from connecting to my api app?

Reply
0 Replies

Suggested posts