Hi,
I am currently experimenting with building a CLI which would authenticate on an API using the PKCE flow.
At the moment I have something like:
mycli login --oauth-authDomain "example.auth0.com" --oauth-clientId "xxx" "example.com"
and I am considering publicly exposing the authDomain and the clientId via the API so I could simplify it to something like:
mycli login "example.com"
So my question: is there any security risk in publicly exposing the auth domain and the client ID?
They are the same for anyone using the application anyway.
Is there a better way to authenticate on an API than using the PKCE flow?