Why OAuth API Keys and Secrets Aren't Safe in Mobile Apps

Anil Thakkar

Nice article! I am stuck with one very basic requirement in my application. Here is my scenario. I am building a custom e-commerce portal using Angular as a front end and a REST API as a back end. I have a product listing API which is going to be called by my Angular client application without the user’s credentials, as the product list is a public page. However, I don’t want anyone else to consume my product listing API. I know I can use a client ID and client secret to obtain a token and make it secure, but how do I avoid exposing my client secret in the Angular app?
Anyone can steal it very easily. Is there any way to use the Authorization Code flow with PKCE for my public APIs, such as the product listing API, where a user ID and password are not required?