Is it safe to pass to the application client_id and secret in base64?

There is a WP with a custom API endpoint in. App login using the oAuth 2 gets the token and is working with the data sending to the header of each request token.
I have doubts about how safe is it to send in a request to get a token id and secret in the header in base64?
Application to ionic and in theory, everyone can bonifati that it sends, and to get my data to connect to the API.
I don't know what that means, but people can use my API, and I don't want to.
Login is done as here - https://wp-oauth.com/kb/user-credentials/
API on a domain with SSL
August 23rd 19 at 10:32
3 answers
August 23rd 19 at 10:34
base64 is not a means of protection of information
August 23rd 19 at 10:36
I have doubts about how safe is it to send in a request to get a token id and secret in the header in base64?
Your doubts are unfounded, it is completely safe.

everyone can bonifati that it sends, and to get my data to connect to the API
Snifty anyone, but to decipher not succeed, it actually encrypts.
Since base64 is something encrypts? - buck_Bashirian commented on August 23rd 19 at 10:39
No no, base64 is an encoding utility used to transfer characters from another code table. - rafael40 commented on August 23rd 19 at 10:42
If you for some reason are not satisfied with base64 can encode a text to utf8 or to unicode or to make your code table - there is no difference it's still going over an encrypted channel. - rafael40 commented on August 23rd 19 at 10:45
August 23rd 19 at 10:38
base64 is not a means of protection of information

Your doubts are unfounded, it is completely safe.

Snifty anyone, but to decipher not succeed, it actually encrypts./blockquote>
Colleagues, you confused me. Let's get back to the specific case, there is an app and there is a oAuth 2 server where the login goes through expulsion in the header of the combination of the client ID and secret in base 64. Than it threatens me?
: Since the API is on a domain with SSL, then (I suspect), id, and secret is passed in the header of the https? If so, we can assume that it is safe for all transmission paths to a client machine, as all the headers are encrypted. - rafael40 commented on August 23rd 19 at 10:50
And what's there to be confused?
You have the connection encrypted with SSL, accordingly, all that you pass inside a message is encrypted, so you can safely and securely transmit text in any encoding including in base64, you can even images to transfer, too safe. - buck_Bashirian commented on August 23rd 19 at 10:41
Just need to know why, and in any case to pass safely, and what is not. From the wording of the question suggests that it is interested in the use of base64 in the context of security. So, for safety it has no effect, as it is a means of representation (coding) of information, but no remedy. What, in General, does not negate the fact that the transfer can be safe for OTHER reasons. - rafael40 commented on August 23rd 19 at 10:44
: Can I ask you then to answer the question of why I need to calm down and trust this authentication mechanism? =) I the fact that I can't stop thinking that getting a few client secret, API will be completely compromised. - rafael40 commented on August 23rd 19 at 10:47

Find more questions by tags Information securityWordPress