OAuth in a Webpage is working by simply add the APP_ID to the hellojs request. The OAuth provider can check the domain of a requesting service, to ensure the authentication on an application level. If an application is running in electron mode, the domain is localhost, which cannot be mapped to a responsible person.
Therefore it is probably necessary to send the secret in the hellojs requests.
but maybe I'm wrong
created because of #54
OAuth in a Webpage is working by simply add the APP_ID to the hellojs request. The OAuth provider can check the domain of a requesting service, to ensure the authentication on an application level. If an application is running in electron mode, the domain is localhost, which cannot be mapped to a responsible person.
Therefore it is probably necessary to send the secret in the hellojs requests.
but maybe I'm wrong
created because of #54