I am using Auth0 for one of my SPA projects and use the auth0 js library. While debugging I found that, when a request is made to Auth0 by calling LoginwithRedirect, I can see all the secret values like ClientID, Secret, domain etc. as part of the Request header; they are plain text values and not encoded. It’s a big security risk, as what if any rogue user finds this info? What can we do to decode/hide those values?
See the image below for more info. This is not good.