Ready to post? First, try searching for your answer.
Hi guys I had a problem when i tried to log in to the page and the login was successful but immediately after I had exchange failed error.
I saw a post which said to change the authentication method to none, I did it and everything worked as expected.
I read about what happened behind the scene and I understood that it it less secure, I wanted to check if i can solve the issue with the client secret method but had no ability to change it back.
My question is how big of a deal it is? should i keep the authentication method to none or keep looking for ways to solve my original problem?
I understand that you are trying to configure the login for your application and have inquiries about the security of the authentication methods.
It was recommended that you set the authentication method to “None” because of the type of application you select to build. There are two kinds of applications: Public and Confidential. More information can be found here and here. The main difference relates to whether or not the application can securely hold credentials (such as a Client ID and Secret). Public applications include SPAs and Native Apps, while Confidential applications include Web and M2M Apps.
What I presume is happening is that you have a single-page application that cannot securely hold credentials, and the error occurs when you attempt to set it to anything other than “None.” This is as expected. If you are interested, Public Applications often use the PKCE authentication method instead. Here is some more information on this.
I hope this helps. If you have any further questions, feel free to ask!