Forum Discussion

JAL
Visitor
4 years ago

Why is Swagger exposing my client secret?

I added Swashbuckle/Swagger to my Web API, not realizing that my client secret would be exposed. The Swagger developers seem to regard it as unavoidable, per this link:
https://github.com/swagger-api/swagger-ui/issues/4448

MSAL.js does it without exposure.

Here's my understanding of MSAL.js. It redirects to the Active Directory URL-plus-clientID, where Active Directory shows a login page. The user signs in and gets a token if he is in the same tenant as that clientID (otherwise denied). Active Directory redirects the user back to my home page URL-plus-token. MSAL.js extracts the token from the URL.

I just don't understand why Swagger can't do the same thing.

Any good solutions for Swagger? My boss is NOT happy with me for having exposed a client secret.

 

No replies.