Now I wonder if we could skip the application authentication since client and server are quasi the same in that case. I just don't want to expose client-id / client-secret to the web client directly.
Maybe you can adjust authenticateApplication, so it skips that check if the request comes from it's own web client.
Hey Pier,
got a quick task for you. :)
We're now exposing the composer in the browser.
http://localhost:3001/composer
Now I wonder if we could skip the application authentication since client and server are quasi the same in that case. I just don't want to expose client-id / client-secret to the web client directly.
Maybe you can adjust authenticateApplication, so it skips that check if the request comes from it's own web client.