OAuth2 in development and production
What is the best strategy for using OAuth2 authentication in development
and production environments?
For example, I want to create an open source web-based GitHub client. I
have registered my client as a GitHub application. According to the OAuth2 spec
I have to specify a redirect URL while registering an application. What
redirect_url should I use, localhost-based or the real production URL? If I
use a localhost-based one (for development), my production site will obviously stop
working (and vice versa).
Is it safe to store client_id and client_secret in public code? If not,
what is the best strategy to store them (i.e. in some config file that is
not added to the source version control system)?