Well ... if you use a client_id with secret, then this should be in the backend. Otherwise use the user grant flow or use both to have it (like in azure) validated as the intersection of user and application rights.
If you put the client_id and it’s secret into the web front end and use this as the only access restriction, you might as well use an API without authentication/ authorization.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Well ... if you use a client_id with secret, then this should be in the backend. Otherwise use the user grant flow or use both to have it (like in azure) validated as the intersection of user and application rights.
If you put the client_id and it’s secret into the web front end and use this as the only access restriction, you might as well use an API without authentication/ authorization.