Can I use someone else's Azure Application to login? Can I share my client_secret with my users?
I'm trying to update my Minecraft script, but with Microsoft account forced migration I can't login anymore and thus my script can't join any server. I'm trying to implement the OAuth flow, but I would need to embed my application credentials in my software (client_id and client_secret)
Why would I use a specific application to login? Can I login on any Azure application? What would be the drawbacks of this? I can't seem to find logs or any information about users who logged with my application. Why should I maintain my application when I could just use the device login flow (/devicecode) with a random client_id found on the internet? The owner of that app would not be able to even find my users logins on his application. Am I wrong?
Expanding on this, why would I need to protect my application? The trusted agent is Microsoft, not my application. My application trusts Microsoft, not the other way around. Thus my application is not a trusted agent. Why would I need to protect its identity? What malicious activity can users do with my application client_secret? Login to Microsoft via my application?
Can't I just share my client_id and client_secret freely to allow users of my opensource project to personally review how they will authenticate and then use my application if they don't want to register one themselves?
Basically, why do I need to maintain a separate authority my users will login onto? I am not an authority, Microsoft is, my users should login directly to Microsoft without need to trust a third party (me and my application). I am a random guy on the internet, I am not an authority! I cannot become a trusted party, my software is trusted because you can review its code, but the new authentication flow requires me to keep part of the authentication software closed source (the part handling client_id and client_secret). Can I just use someone else's application (maybe Minecraft's?) or share my client_secret?