Let say I want to use Web3auth with auth0
In auth0 I can have PKCE and procedure is let say secure as it could be
Now for web3auth I need this clientId. I cannot have this hardcoded in my app like this examples show, and I would need this in my backend
But still, I need to send this from my backend (let say after auth0 gets authenticated) and then I would need to retrieve it to my client app, but agian I would call this with client id
Is this secure enough like it is or what are the best steps to take here?
Hey @djelastic exposing client id won’t cause any security issue. But if you want, you can always create environment variables instead of hardcoding the client id, that’s how everyone keeps secret in the mobile app.
Yeah but if someone has clientId he can access web3auth and use this to make new accounts right
On mobile app storing anything in a secret fashion is almost impossible, but ok, thank you