Is it dangerous to put my client_id in public js file using lock v11?

I am using this code to initialize my auth0 object in my login.html page:

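```js
// Initializing our Auth0Lock
var lock = new Auth0Lock(
  'YOUR_CLIENT_ID',
  'YOUR_DOMAIN',
  {
    auth: {
      params: {
        state: '' // value omitted in the original post
        // etc… etc…
      },
      responseType: 'code',
      redirectUrl: '' // value omitted in the original post
    }
  }
);
```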
Is it dangerous to put this information in public access?

Thank you in advance!

Hello @soporte.desarrollo,

Welcome to the Community! I would not openly publicise a client ID like that, at least not for a “real” service, but Client IDs should be treated as public information similar to a “username”. They are not a secret, but I wouldn’t leave them where they can be easily picked up.

Thank you for the fast response, markd. So where would be a good place to save this client ID, taking into account that I need to use it to initialize my JS script in HTML? Thanks!!

I’m not a developer, but I believe the usual answer is to store the client ID and client secret as environment variables, however that is done for whichever stack you are using. For my Python scripts I use a .env file. There are also more advanced secrets management options like HashiCorp, though I don’t have any experience with those.

Ok thank you!

It’s just that in a Python script you can use environment variables, right? But in a JavaScript file that is executed in the client’s browser, I cannot do anything to hide the client_id; it’s like that info is supposed to be in a public script, as explained in the Auth0 API, no?

Please correct me if I am wrong, thanks!

Can you share the link with us that you are using as a reference?
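
An added example (not part of the original thread and not Auth0's own code) for the question above about browser-executed JavaScript: with `responseType: 'code'` the client_id travels as a plain query parameter in the `/authorize` redirect, so the checks that matter are validating `state` on the callback and keeping the client secret out of anything shipped to the browser. The domain, redirect URI and all helper names are constructed assumptions.

```javascript
// Added example; domain, redirect URI and helper names are constructed assumptions.
const webCrypto = globalThis.crypto ?? require('node:crypto').webcrypto; // Node < 19 fallback

// Keys that must never appear in configuration shipped to the browser.
const SECRET_FIELDS = ['client_secret', 'clientSecret'];

// Unpredictable per-request value that binds the callback to this browser session.
function newState() {
  const bytes = webCrypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}

// The redirect target: client_id is an ordinary query parameter, visible to anyone.
function buildAuthorizeUrl({ domain, clientId, redirectUri }, state) {
  const url = new URL(`https://${domain}/authorize`);
  url.search = new URLSearchParams({
    response_type: 'code',
    client_id: clientId,
    redirect_uri: redirectUri,
    state,
  }).toString();
  return url.toString();
}

// On return, accept the code only if state matches the value stored before the redirect.
function checkCallback(callbackUrl, expectedState) {
  const params = new URL(callbackUrl).searchParams;
  if (!expectedState || params.get('state') !== expectedState) {
    return { ok: false, reason: 'state mismatch' };
  }
  const code = params.get('code');
  return code ? { ok: true, code } : { ok: false, reason: 'missing code' };
}

// Build-time guard: refuse a browser config object that carries a secret.
function assertPublicConfig(config) {
  const leaked = Object.keys(config).filter((k) => SECRET_FIELDS.includes(k));
  if (leaked.length) throw new Error(`secret in browser config: ${leaked.join(', ')}`);
  return config;
}
```

The authorization code returned to the callback is exchanged for tokens on a server, which is the only place the client secret is used.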