1) How can we assure that Oauth client secret is safe. For a pure JS web
app, it cannot be stored in the client since as it becomes a public
value . For an android mobile app, it can be retrieved by decompiling
the app binary.2) We have to use refres...