I have a Vue.js demo and a resource server demo working. I need to put the two together, but they are using different Application Types. The Vue.js app is configured as an SPA type and the resource is a Web type. Is there a way to bridge the two or to find a Client Secret for the SPA type?
I’m using the JavaEE WildFly application which comes with a special OAuth introspection mechanism. I have to provide a Client ID + Secret which works perfectly for the Web type (WildFly does the Base-64 encoding and sets the headers). This may be a WildFly limitation as I see that “None” is a valid authentication for my introspection endpoint, but I don’t have control over that.