Hi,

My name is Siddharth, while I am exploring XERO for integrating with java based application, i see a challenge always to send the clientid and client secret in standard flow of authentication , this I see is a must have neccessity to get access and refresh token in callback, my feedback would that when we do an OAuth based integration , can we just use the code and state to get the access token and refresh token , getting the clientid from front end everytime will always be a challenge .