Hello everyone!
I’m currently trying to register / login from my mobile app.
Since I don’t want to use the default Keycloak web pages for these purposes, I found out that I can use the REST API (e.g. Keycloak REST API: Create a New User - Apps Developer Blog).
Next to the blog I found this interesting video: Keycloak login Android using API - YouTube
What he’s doing there is storing the client_secret in his app and proceeding with it further.
Now I’m asking myself, is it really safe to use the client_secret in a public app?
Could it be a target for attacks?
And if yes, what would your advice be to implement the login / register event natively in my app?