Security around client secret? #4
Description
Was thinking about this and committing (or even injecting at build) clientSecret won't really be secure. I suppose spoofing App analytics isn't exactly the most likely hacker priority but still. Looking into this it seems the options are something like apple app attest or creating app keypairs in secure enclave and store public key in openpanel (or a proxy) and sign the requests. Is this something you've given any thought to already?