Best Way to Save Client_Secret and access_token?
Hey i got now the Discord Login on my Tool Ready but now i need to Safe Data like the Access_token, refresh_token and the client_secret.
My first thought was to safe it in an config.json but then everyone can access them?
What would be the best case for this?
6 Replies
https://docs.microsoft.com/en-us/aspnet/core/security/app-secrets?view=aspnetcore-6.0&tabs=windows
The easiest way is to use the appsettings.json
Safe storage of app secrets in development in ASP.NET Core
Learn how to store and retrieve sensitive information during the development of an ASP.NET Core app.
Are you using appsettings already, or is that not possible with your program?
if it's ASP.net it's enabled by default
in the one project i already used it in the other its an ui3 programm where it didnt used it yet.
ahh so the appsettings.json isnt accesible for the user
thanks for the info
appsettings.json should contain the default values. Every developer can use the secrets (right click the project -> Manage secrets) to set private secrets that are not put in the git repo
on the server, environment variables will override appsettings (or your deployment pipeine can update the appsettings json)
Only if you give it to them. These answers assume you are running a server, not giving the user your app. If it's a client app, you cannot safely store your secret, but a configuration file allows them to easily put in theirs
it should be for an client app. But how does people do this then for their apps with an oauth login. They need to have the Client secret on the local app?