Speckle Secret for plugins

I’m trying to figure out how secure the speckle secret stored for web / desktop / installer apps that authenticate into the speckle server. It looks like a hardcoded fixed value for the speckle manager. Is it really a secret. We are trying to make a new plugin and trying to figure out how to store the value.

Thanks!

Hey @peter.grainger, yep - it’s not really a secret. We support only public apps currently - which is what every app that can’t reliably store a secret is, as per the oauth book.

Extra stuff Funnily enough, all apps are "public" apps besides basically backend apps where you can pass the secret via env vars etc.

If you’re wondering, security comes from redirecting exclusively to the specified app’s url.

1 Like

If you’re looking to add a default app registration to your server, then you’d just have to do something similar to what I have done in this recent PR: