最近在做一个启动器,做到使用微软账号登录的部分,看到这样一段:
The next step is to get an access token from the auth code. This isn't done in the browser for security reasons.
This exchange should be done on the server-side as it requires the use of your client secret which, as the name implies, should be kept secret.
POST https://login.live.com/oauth20_token.srf
client_id=<your client id>
&client_secret=<your client secret>
&code=<auth code / the code from step 1>
&grant_type=authorization_code
&redirect_uri=<your redirect uri>
像这种需要client_secret才能使用的认证服务,client_secret一般怎么保存(或者隐藏)?
Select Language