I’m wanting to create a Windows desktop application written in Python, packaged with PyInstaller into a Windows .exe, then packaged into an installer .exe using NSIS. The application includes a Windows service that sends status updates to and receives commands from my server, authenticated by Auth0. The example in the documentation is as follows, but embedding the client_secret into code would be a security vulnerability.
How can I securely distribute a desktop app that logs in to Auth0 without giving away the client_secret?
```python
from auth0.v3.authentication import GetToken

token = GetToken('myaccount.auth0.com')
token.login(
    client_id='...',
    client_secret='...',
    username='user@domain.com',
    password='secr3t',
    realm='Username-Password-Authentication',
)
```