We're integrating an app to use prismic.io. We've generated an access token to give access to a private repo and can see the follow is generated:
Client ID
Client Secret
Access Token
The "access to master" token can be passed as an option when creating Prismic.client() but this leads to that access token being exposed on subsequent requests.
If this is the suggested way of using the access token, what is Client ID and Client Secret used for? Is it possible for a client to request a token using these instead of exposing the "master" one that is generated?