The applying secret you produced while in the application registration portal for the app. Will not use the applying key in a local application or single web page app for the reason that a client_secret can't be reliably saved on gadgets or Websites. It really is expected for web applications and web APIs, which may keep the client_secret securely