secret property

String secret
final

The client secret for this client.

The authorization server will issue each client a separate client identifier and secret, which allows the server to tell which client is accessing it. Some servers may also have an anonymous identifier/secret pair that any client may use.

This is usually global to the program using this library.

Note that clients whose source code or binary executable is readily available may not be able to make sure the client secret is kept a secret. This is fine; OAuth2 servers generally won't rely on knowing with certainty that a client is who it claims to be.

Implementation

final String secret