Security risk with authentication method being none

I’m trying to make the Flutter sample application work, and to do this I had to change the authentication method from “Client secret (Post)” to “None”. It works, but won’t this be a security risk? How can I make it work when the authentication method is Client secret (Post)?

Hello @johannesk.hage, welcome to the community!

Which sample app are you working with? When token_endpoint_auth_method is set to none, it means that the client is not required to authenticate itself at the token endpoint. This is typically used for public clients, which do not have a means to securely store credentials. A public client could be a browser-based application (like a single-page application) that cannot securely maintain a secret.

On the other hand, when token_endpoint_auth_method is set to post, it indicates that the client must use the client credentials (client ID and client secret) sent in the request body to authenticate itself with the token endpoint. This is a common method for clients that can securely store secrets, such as server-side applications.

Hope this helps to clarify!


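An added example, not part of the thread and not code from the sample app: the token request body for each of the two settings discussed above. It goes beyond the posts by assuming the public client uses PKCE (RFC 7636), the standard protection for clients registered with "None"; `client_secret_post` is the registered OAuth name for "Client secret (Post)", and all function names and values are constructed for illustration.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import urlencode

def s256_challenge(verifier: str) -> str:
    """PKCE S256 transform (RFC 7636): BASE64URL(SHA256(verifier)), no padding."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

def new_pkce_pair() -> tuple[str, str]:
    """Fresh per-login verifier (stays in the app) and challenge (sent at /authorize)."""
    verifier = base64.urlsafe_b64encode(secrets.token_bytes(32)).rstrip(b"=").decode("ascii")
    return verifier, s256_challenge(verifier)

def token_request_body(auth_method, client_id, code, redirect_uri,
                       client_secret=None, code_verifier=None) -> str:
    """Form-encoded body for the authorization-code exchange at the token endpoint."""
    params = {"grant_type": "authorization_code", "client_id": client_id,
              "code": code, "redirect_uri": redirect_uri}
    if auth_method == "client_secret_post":
        # Confidential client (server side): the secret travels in the POST body.
        if not client_secret:
            raise ValueError("client_secret_post requires a client secret")
        params["client_secret"] = client_secret
    elif auth_method == "none":
        # Public client (mobile app, SPA): nothing secret can be embedded, so a
        # one-time verifier ties the code redemption to the app that began the login.
        if client_secret:
            raise ValueError("a public client must not ship a client secret")
        if not code_verifier:
            raise ValueError("public clients should send a PKCE code_verifier")
        params["code_verifier"] = code_verifier
    else:
        raise ValueError(f"unsupported auth method: {auth_method}")
    return urlencode(params)

def server_accepts_verifier(stored_challenge: str, code_verifier: str) -> bool:
    """Authorization-server side: recompute the challenge and compare in constant time."""
    return hmac.compare_digest(stored_challenge, s256_challenge(code_verifier))
```
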