OAuth2 without a client secret? - OAuth2 Authorization Code w/PKCE Flow???
SOLVE
Hello,
Over the past year (since this post), have any options opened up for using OAuth2 with HubSpot without passing a client secret?
I'm working on an integration to HubSpot that is client hosted in a scenario somehwat similar to a single-page application (SPA).
Storing/using a client secret in this scenario is not ideal. It would be much better to use OAuth2's Authorization Code Flow with Proof Key for Code Exchange (PKCE), which avoids the need for that secret.
Hoping there's an option to do this. 🙂
In worse case, I may have to fall back to using private app registrations, but that may preclude my integration from being listed in the App Marketplace. 😞