Client-side frameworks deliver all of their source code to the end user. Where defined, exposed secrets can allow malicious actors to sign in and act as the application.
This code reveals potentially misconfigured SPA applications. Those that have a client password defined with at least one SPA redirection not to localhost (implying that the source code appears deployed) and may contain a secret key.
Note: This code requires the Microsoft Graph SDK for PowerShell.