Article URL
https://learn.microsoft.com/en-us/office/dev/add-ins/develop/register-sso-add-in-aad-v2
Issue
The documentation gives instructions for creating a client secret - basically a shared password - without any indication of whether it's necessary or safe. It's not safe (Microsoft's own internal security scans flag it as a violation), and as far as I can tell, it's not necessary.
The docs should at least dissuade readers from doing it.