Where and how should I keep Client Secret on desktop C# UWP?

For OAuth authorization through applications, you must specify the clientID and clientSecret. This is necessary so that GitHub can identify my application and remove some restrictions.

I registered my application and got the id and secret, but! it is not clear where to keep Secret, many people do  not recommend  storing it in the  source code, which is also public. I do not have a server, I do not know where to store it.

It is unfortunate but one downside of Oauth2 is that the key cannot be stored in the app.settings file even encrypted. Most small apps use something like https://aws.amazon.com/kms/ to menage the private keys, they have a free tier with 20000 api calls a month .

Thank you very much for the answer. I’ll look at the link you dropped. But are there any alternatives for authorization “through” the application?

Not one option came up. In general, everything is clear, can not be stored on the client. It is not clear why, because of such a bull**bleep**, does OAuth still exist? And why did GitHub prefer to use OAuth when nobody normally can use it because there is no place to store keys, what is the logic?

Of course, there is authorization through the browser, but creating a UWP desktop application with browser authorization is much more difficult than for a web application.