rare-sapphire 2y ago

Refine OAuth security

Hi, so it does not seem to be a security best practice to expose GOOGLE_CLIENT_ID to the user code. Google docs say that both client_id and secret_key are considered privileged data and should be secured. So I am wondering about the security of the Google Auth example that you guys have. Any concerns here about leaking GOOGLE_CLIENT_ID publicly?
4 Replies
kapa.ai 2y ago

Hmm, I don't know enough to give you a confident answer yet. However, I can provide you with some resources that might help you understand the security aspects of using Google Auth with refine:

1. Google Auth Example in Refine (https://refine.dev/docs/examples/auth-provider/google-auth)
2. Supabase Google Auth Configuration (https://refine.dev/docs/advanced-tutorials/data-provider/supabase#enable-google-auth-on-supabase)

Please review these resources and consult the official Google documentation for best practices on securing your Google Client ID and Secret Key.
fair-rose 2y ago

Yes, I suggest you too get GOOGLE_CLIENT_ID from env, and it should be hidden from other users. We share our GOOGLE_CLIENT_ID publicly because these are not production apps and we want users to be able to easily test our apps.