OmniAuth: What is exactly meant by secret or digest ? How to obtain it?


OmniAuth uses “secrets” but the concept is nowhere explained. It’s obviously too trivial.

I guess it is, if you are once just being told what it means.

I also know some talk about a users “secret” in the context of Rails credentials. There is only a very short official Guide on it.

With OAuth, the concept is addressed for example here rfc6749 in the RFC6749 or for further example here rfc6749

     REQUIRED.  The client identifier issued 
     to the client during the registration   
     process described by Section 2.2.

     REQUIRED. The client secret.  The      
     client MAY omit the parameter if the     
     client secret is an empty string.

How do I obtain that part of a users credentials or how do I generate a valid secret?

Is by “secret” the same thing meant as by “digest” ?

Also I have read about “server-side secrets” and “client-side secrets” I think.

I am new to security concepts, also in Rails.


This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs