OmniAuth: What is exactly meant by secret or digest ? How to obtain it?

Hello,

OmniAuth uses “secrets” but the concept is nowhere explained. It’s obviously too trivial.

I guess it is, if you are once just being told what it means.

I also know some talk about a users “secret” in the context of Rails credentials. There is only a very short official Guide on it.

With OAuth, the concept is addressed for example here rfc6749 in the RFC6749 or for further example here rfc6749

client_id
     REQUIRED.  The client identifier issued 
     to the client during the registration   
     process described by Section 2.2.

client_secret
     REQUIRED. The client secret.  The      
     client MAY omit the parameter if the     
     client secret is an empty string.

How do I obtain that part of a users credentials or how do I generate a valid secret?

Is by “secret” the same thing meant as by “digest” ?

Also I have read about “server-side secrets” and “client-side secrets” I think.

I am new to security concepts, also in Rails.

Thanks!

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs