How do i secure a webtask, to only allow processing events coming in from a specific auth0/webhook
From the Webtask
wt create refresh-token.js -s AUTH0_CLIENT_ID=XXXXX -s AUTH0_CLIENT_SECRET=XXXXX -s AUTH0_DOMAIN=XXXXX
Makes the command line variables available as context.secrets.AUTH0_CLIENT_ID and context.secrets.AUTH0_SECRET (also shows up under “webtask editor/secrets” tab)
Is this supposed to secure the webtask, i can still acess the url (froma browser), and see the output from the callback.
From the Webhook auth0 extension
The ‘Scheduled jobs/Secrets’ tab shows entries for AUTH0_* keys which i didnt explicitly set, what do they defaul to.