Hello,
OmniAuth uses “secrets” but the concept is nowhere explained. It’s obviously too trivial.
I guess it is, once you have simply been told what it means.
I also know some talk about a user's “secret” in the context of Rails credentials. There is only a very short official guide on it.
With OAuth, the concept is addressed, for example, in RFC 6749 (The OAuth 2.0 Authorization Framework), and as a further example in another place in the same RFC:
client_id
    REQUIRED. The client identifier issued to the client during the registration process described by Section 2.2.
client_secret
    REQUIRED. The client secret. The client MAY omit the parameter if the client secret is an empty string.
How do I obtain that part of a user's credentials, or how do I generate a valid secret?
Is the same thing meant by “secret” as by “digest”?
Also, I have read about “server-side secrets” and “client-side secrets”, I think.
I am new to security concepts, also in Rails.
Thanks!