hungdev / react-native-instagram-login

A React Native Instagram login component (supports Android & iOS). Pull requests are welcome!
https://www.npmjs.com/package/react-native-instagram-login
187 stars 105 forks

Exposing secret on the client side is bad practice #54

Closed fniewijk closed 4 years ago

fniewijk commented 4 years ago

I was looking at using your package, but when I read your code and compared it with the manual, it says that you should not share the app_secret client side. It suggests you should use the client-side implicit authentication. link

Are you aware of this? This looks like an issue that is resolvable. The implicit authentication does not need the secret.

gitstud commented 4 years ago

The docs here show where to put the app secret but not where to get it. You can serve the app secret from your server and then connect it with however you manage state.

codeundercoverdev commented 4 years ago

@gitstud @fniewijk doesn't that still expose the app secret to the user when you fetch it from your server?

victor871129 commented 4 years ago

> @gitstud @fniewijk doesn't that still expose the app secret to the user when you fetch it from your server?

Yes, that's why you need to check the integrity of your app with a Tampering Detection solution and only store the secret in the phone's RAM.

chr4ss1 commented 4 years ago

Yeah, this is a bit of a design flaw in this lib; there should never be an appSecret exposed anywhere on the JS side, memory or no memory.

It is working for me with responseType=code and appSecret="completelyrandomNONVALID".

Looks like IG does not use it:

https://developers.facebook.com/docs/instagram-basic-display-api/guides/getting-access-tokens-and-permissions
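An added example, not part of this thread or of the library's code: the authorization-code exchange done on a backend, so the app only ever sends the `code` and the app secret never reaches the JS bundle. The config values, function names and the code-format check are assumptions; the token endpoint and field names are those of the Instagram documentation linked above.

```javascript
// Runs on your backend (Node.js), never inside the React Native app.
const IG_TOKEN_URL = 'https://api.instagram.com/oauth/access_token';

// Constructed placeholder config; in production the secret comes from a
// secret store or environment variable on the server.
const serverConfig = {
  appId: '000000000000000',
  appSecret: 'PLACEHOLDER_SERVER_ONLY_SECRET',
  redirectUri: 'https://example.com/auth/instagram/callback',
};

// Validate the only value the app is allowed to send: the authorization code.
// Instagram appends "#_" to the redirect; it is not part of the code.
function parseClientRequest(body) {
  const raw = body && body.code;
  if (typeof raw !== 'string') throw new Error('missing authorization code');
  const code = raw.replace(/#_$/, '');
  // Assumed format check: URL-safe characters only, bounded length.
  if (!/^[\w-]{1,512}$/.test(code)) throw new Error('invalid authorization code');
  return code;
}

// Build the server-to-server token request; this is the only place the secret is used.
function buildTokenRequest(code, cfg) {
  const form = new URLSearchParams({
    client_id: cfg.appId,
    client_secret: cfg.appSecret,
    grant_type: 'authorization_code',
    redirect_uri: cfg.redirectUri,
    code,
  });
  return {
    url: IG_TOKEN_URL,
    method: 'POST',
    headers: { 'Content-Type': 'application/x-www-form-urlencoded' },
    body: form.toString(),
  };
}

// Forward only what the app needs; never echo the request or raw errors back.
function toClientResponse(igJson) {
  if (!igJson || typeof igJson.access_token !== 'string') {
    return { ok: false, error: 'token exchange failed' };
  }
  return { ok: true, accessToken: igJson.access_token, userId: String(igJson.user_id) };
}
```

The backend sends the object from `buildTokenRequest` with its HTTP client of choice and passes the parsed JSON reply through `toClientResponse` before answering the app.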

hungdev commented 4 years ago

I added an option for exposing the secret; read the docs here

jaweherncir commented 1 year ago

Hello, please can someone here help me get the profile photo of a Facebook account with Node.js, please?