smotornyuk
commented
1 year ago Cool. But let's not raise an exception here. It will force everyone to use secrets, even if the provider doesn't require them. How about log.info("Secret is not configured") if you want to point out potential problems? We cannot use warning/error level here because it will be annoying for users who don't need secret.
On AWS we need to provide the App Secret to retreive the secret. https://aws.amazon.com/fr/blogs/mobile/understanding-amazon-cognito-user-pool-oauth-2-0-grants/
This PR allow to use it when defined