Client secrets are an authorization (not authentication) mechanism. Even
the linked website acknowledges them to be insecure, so we can probably
hope they aren't being improperly trusted here. Indeed, this isn't unique
to the HMRC API either. It is an OAUTH thing. A discussion of the security
imp
On Mon, 17 Apr 2017 20:06:15 +0100
Mike Evans wrote:
> On Mon, 17 Apr 2017 19:34:36 +0100
> "Maf. King" wrote:
>
> > On Monday, 17 April 2017 16:39:02 BST Alain Williams wrote:
> > > On Mon, Apr 17, 2017 at 04:00:20PM +0100, David Goodenough wrote:
> > > > Apparently they have effectively
