Hi all,
It was found that the user interface correctly masks the defined client secret and does not allow for retrieval at a later point of time. However, when inspecting the server response, the client secret is included in clear-text. This indicates unintended exposure and insufficient implementation of the masking feature.
How can I mitigate this?