I want to implement my own authentication system using OAuth. It is intended to cross-authenticate my current users with an external tool.
In this tutorial, it is suggested to store the secret in the settings.json file.
However, I had the idea to store the secrets on the server and create the signature using the secret and the login credentials on the server, finally returning the signature back to the client, which then uses the credentials for authentication.
Some opinions on that? Why is it favored to store the secrets in a client .json file?
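
The server-side signing idea described in the question, as an added example that is not part of the original post or of the tutorial it mentions: the secret stays on the server and the client receives only a signature bound to the user, a timestamp and a nonce. HMAC-SHA256, the function and field names, the demo secret and the five-minute lifetime are assumptions for illustration, and this is not OAuth's own signature base string.

```javascript
const crypto = require('node:crypto');

// Constructed secret for the demo. In practice it is loaded from server-only
// configuration (environment variable or secret store) and never sent to clients.
const SERVER_SECRET = 'constructed-demo-secret';
const MAX_AGE_MS = 5 * 60 * 1000; // assumed lifetime: five minutes

// Canonical string: fixed field order, each field URI-encoded so that an "&"
// inside a value cannot be mistaken for a field separator.
function baseString({ userId, timestamp, nonce }) {
  return [userId, timestamp, nonce].map((v) => encodeURIComponent(String(v))).join('&');
}

// Runs on the server, after the user has authenticated there.
function signForUser(userId, now = Date.now(), secret = SERVER_SECRET) {
  const fields = { userId, timestamp: now, nonce: crypto.randomBytes(16).toString('hex') };
  const signature = crypto.createHmac('sha256', secret).update(baseString(fields)).digest('hex');
  return { ...fields, signature }; // the secret itself is never returned
}

// Runs at the verifier, which shares the secret with the signing server.
function verify(token, seenNonces, now = Date.now(), secret = SERVER_SECRET) {
  const expected = crypto.createHmac('sha256', secret).update(baseString(token)).digest();
  const given = Buffer.from(String(token.signature), 'hex');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return 'bad-signature';
  }
  // A leaked signature is only useful until it expires ...
  if (token.timestamp > now || now - token.timestamp > MAX_AGE_MS) return 'expired';
  // ... and only once, because the nonce is remembered.
  if (seenNonces.has(token.nonce)) return 'replayed';
  seenNonces.add(token.nonce);
  return 'ok';
}
```

Without the timestamp and nonce, a signature handed to the client would act as a long-lived credential for that user, so binding and expiry matter as much as keeping the secret server-side.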