Get access token on the frontend
Hello everyone!
I'm playing with Better Auth using it to authenticate my app's user on Google. Everything is working smoothly but I noticed that there is a way for the user to get the access token issued by Google on the frontend by calling
I'm wondering if it is common practice to expose these tokens to the frontend.
Is there a risk of this token to get stolen somehow?
I'm playing with Better Auth using it to authenticate my app's user on Google. Everything is working smoothly but I noticed that there is a way for the user to get the access token issued by Google on the frontend by calling
await auth.api.getAccessToken((...)I'm wondering if it is common practice to expose these tokens to the frontend.
Is there a risk of this token to get stolen somehow?
