Thanks for the response.
I have several follow-up questions.
Since this is an open source project, I think it would fall under "publishing it for production use". Would you agree?
I understand that the client id/secret could be stored somewhere safe in web services. But what if the application is a standalone program that is run locally and directly interacts with the Graph API without a custom server in between?
To be more specific, my project is intended to be downloaded and run directly on the user's machine, so the API key/secret has to be available somewhere in the source code or package for the user to use it. If the API key/secret is not packaged in the (open source) software, then the only way the user can use the program is to register another API key/secret to use the program, which I would like to avoid if possible.
Hope that made sense. Thanks.