1

enter image description here

I tried to lookup how firebase cli handles client secrets. Can somebody explain what that means.

I have a electron app. I need users to login and keep those access token offline so that they need not login again. I have it all figured out but the problem is with storing client secrets. Am I in the right direction or is there any problem??

Update: Github firebase link

Cœur
  • 37,241
  • 25
  • 195
  • 267
Girish
  • 154
  • 1
  • 6
  • These are not secrets, but values that your client-side code needs to connect to the correct Firebase backend. See https://stackoverflow.com/questions/37482366/is-it-safe-to-expose-firebase-apikey-to-the-public. But I'm not completely sure what that `clientSecret` is there. Where did you get this from? – Frank van Puffelen May 17 '18 at 19:55
  • @FrankvanPuffelen I have updated the link – Girish May 17 '18 at 20:21
  • @PurTahan I kinda figured a way. Just let me know what you guys think about this. using normal http auth by serving a page and then storing the access token on the client so that if needed later can be used. In my case I need to send emails from the logged in user's profile. So once logged in I will store the access_token and all the data in some file and use that with gmail api to send email. Till now this is what seems totally safe to me – Girish May 17 '18 at 20:23
  • @PurTahan what's your exact situation? – Girish May 17 '18 at 20:24

0 Answers0