Could you please clarify what below comment means? It states "its important not to include it" but then it is included. Also can you please expand on how exactly a caller might gain access tokens from that endpoint without supplying consumer key and secret? I am a bit scared to install this after reading the comments! Many thanks.
Could you please clarify what below comment means? It states "its important not to include it" but then it is included. Also can you please expand on how exactly a caller might gain access tokens from that endpoint without supplying consumer key and secret? I am a bit scared to install this after reading the comments! Many thanks.
https://github.com/apigee/api-platform-samples/blob/a0ececb6ef80de0d66f8b708294abf6ff42949ae/default-proxies/oauth/apiproxy/policies/GenerateAccessTokenClient.xml#L7-L10