Browser side auth with appSecret?

Hi, brand new to Speckle and having some difficulty finding the REST API documentation, for authentication for example.

So far it seems that authentication inside a browser requires the appSecret, which I find quite weird. If I remember, the challenge value is also passed twice the same way? Could it be old legacy code?

Any pointer to a current reference for the authentication API and/or REST endpoints and/or a GitHub sample could help.

I would expect something like PKCE?

Ah, just finding at Apps and Auth | Speckle Docs (Legacy): "We are supporting the authorization_code flow with PKCE only for public and confidential clients", but not a clear path for doing that.

So I’ll give that a try, though actual code could likely still help.

Thanks in advance.

Docs are on their way, along with examples - you might also consider the community contribution from @vwb: Speckle Auth Izipizi

I also have this for the model checker companion app speckle-model-checker-ui/firebase/public/js/auth.js at 04ba663021d1d346287641837c393bfb67976e45 · specklesystems/speckle-model-checker-ui · GitHub

OK, seems to match what I saw so far, and I found there is a direct link to the relevant documentation from the “Settings”, “Developer” option. Also, the same UI mentions that the id/secret will ALWAYS require user authentication as well before being usable.

I was a bit disturbed as I’m not used to seeing an appSecret being visible inside a browser, but it seems definitely the way to go and safer than I first thought.

Thanks.