I am planning on releasing a frontend JS app that uses Auth0 and I am not sure if I should be keeping my domain and clientID secret.
I came across one Stack Overflow post with the same question as mine, and I wanted to confirm the answer given there.
I just reached out to our engineering team regarding that. Will let you know soon!
I just got it confirmed.
Neither the OIDC/OAuth 2.0 domain or client identifier are considered confidential information so it’s okay if others know this.