@nilam.n.pawashe
You need not worry. JWT service / URL is outside our web-sdk and usually hosted by customer/ end users.
Yes, we need client id and secret for generating JWT but this can very easily be obfuscated/ obscured from client-side (SDK). Say you pass ‘CID’ and ‘CSECRET’ from client to the JWT generation service (usually called an STS service). For demonstration purpose we have it in kore-config.js but you may as well pass dummy and override it in server.
One demo JWT service can be found in SDK Demo App mentioned in https://test-discourse.kore.ai/t/getting-started-with-widget-sdk-v7-2-onwards/1154
There, under /routes/users.js you will see a demo JWT service. client ID and secret can very easily be overridden using some config/ hardcoded there.
And you need to have your own JWT service created in any of the tech stacks. Here are some https://test-discourse.kore.ai/t/tips-on-setting-up-jwt-service/1156.