[FIXED] How to safely handle client id on open source project

Issue

My problem

So what I am trying to do is create a minecraft launcher written in python using the minecraft-launcher-lib library. That library requires me to use Azure Active Directory to log into the users Microsoft account.

The problem with that is that to log in I need to pass a client id and secret to the library to perform the login. For obvious reasons I cannot have these ids hardcoded, as it is an open source project.

What I already tried

I searched all over google to find a solution and stumbled across the Azure Managed Identities. As I am only using Azure for the app registration, I do not have the option to use these.

Another thing I came across was using a certificate but I could not find any information on how to use a certificate for my usecase.

And finally the question:

Is there any way for me to safely retrieve, save or handle these ids in any other way so I can share the source code of my project?

Solution

As suggested by larsks is correct.

1. You can store your credentials in a separate file and while making public for your project do not share the credentials file.
2. If someone else wants to use your code they will need to register their own application and use their own client id and secret.
3. Another alternate solution is for Making it more secure you can use Azure keyvault to store your Credentials there and you can retreive the credentials directly from the Azure keyvault while log in.

For more in detail you can use this Link to authenticate in Azure keyvault which store Client_ID and Client_secret.

Answered By - Venkatesan

Answer Checked By - Senaida (PHPFixing Volunteer)