I’m trying to figure out how secure the speckle secret stored for web / desktop / installer apps that authenticate into the speckle server. It looks like a hardcoded fixed value for the speckle manager. Is it really a secret. We are trying to make a new plugin and trying to figure out how to store the value.
Thanks!
Hey @peter.grainger, yep - it’s not really a secret. We support only public apps currently - which is what every app that can’t reliably store a secret is, as per the oauth book.
If you’re wondering, security comes from redirecting exclusively to the specified app’s url.
If you’re looking to add a default app registration to your server, then you’d just have to do something similar to what I have done in this recent PR: