How to do it without client id secret in the client side?

Use case: We are making a command line tool which will authenticate with google and configure the kubernetes access. 

We thought of using the code here but:
1) We do not want to create client id and secret for every developer. 
2) Also, we cannot hard code client id and secret in the binary as this client id and secret can be used to impersonate the application.

Please suggest.

More information - 
- https://github.com/kubernetes/kubernetes/issues/37822
- https://stackoverflow.com/questions/55836757/can-google-client-id-and-client-secret-credential-be-exploited-by-a-non-org-memb
- https://stackoverflow.com/questions/55829927/use-google-as-the-oidc-provider-without-leaking-client-secret

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

How to do it without client id secret in the client side? #28

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

How to do it without client id secret in the client side? #28

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions