Hi John,
Thanks for all the feedback. Given right now all our clients are under our control and not third party clients, do you see an issue with my earlier suggestion for fixing the shared secret issue by hosting an endpoint that exchanges the refresh token with Auth0 on our clients’ behalf?
Thanks in advance, Alex.