Hello - How do we accomplish Application-only for Single Page Applications? Per the article on this, the id/secret/token are all considered ‘passwords’ that should be secured. In that regard, plugging them into a Single Page Application would expose them through the browser Java Script. Is there a best practice on this? Is it “okay” to put the id/secret into an SPA? How would this be accomplished otherwise?
Thanks in advance.