I've just started Windows Phone app development. I'm using the Live Connect API and I am confused about the credentials. When I configured my app in the Live Connect Developer Centre I was given a ClientID and a Secret. However I don't seem to have to use the secret in my app, but I can only regenerate the secret and MS says "For security purposes, don't share your client secret with anyone." What's to stop someone who has the ClientID spoofing my app?
Asked
Active
Viewed 376 times
1 Answers
0
Yes, ClientID is not taken as a secret. Nothing serious can be done only with Client ID.
The Secret is required in important scenarios, like when you received a Windows Live authorization token, then you want to use it to get other tokens in order to access the users' OneDrive storage, you need submit your Secret together with your ID to the Live Server.(this is the Live Connect authorization flow)
Please read this article
Shone
- 76
- 7