I have followed the directions of Chris Hemedinger and Joseph Henry for retrieving the token needed for interacting with SharePoint and OneDrive. I have an Azure API with a client secret.
I am trying to figure out how to best lock down the value of the client_secret and yet have it accessible to the users of my environment so that they can utilize the API calls from SAS to o365 SharePoint Online.
What is the recommended method to hide this value?
I thought of a %include, but that needs to be readable for their code to work. I thought of burying a macro value but any savvy user would know %put &thesecret. ; in a SAS session would show the literal value.
Thank you in advance for sharing your thoughts and experiences in this thread.