Mask App/Client Secret Fields in Authentication
Currently the App/Client secret keys in the Authorization/Authentication area of Mobile Services are not masked. Any user with access rights to these resources can see the keys. The problem lies in that these keys need to be used for both development and production environments. So, as an example, if a developer is working in a development environment they will be able to see these key values and the same key values need to be used in the Production environment as well, which causes some potentially serious security concerns. Having these key fields be masked would help alleviate that concern because a developer would never be able to see the actual values entered.