js- can i authenticate a user into my app using OAuth with only javascript->clientside, and js/java->server side?

Question

I want to use OAuth in one of my apps, specifically a Google Chrome extension. Can it be done through JavaScript code? My only requirement is that it should be done with client side Javascript code, and the server can use either JavaScript or Java.

If this cannot be done, then can I use simple userid-password authentication?

Again, my only requirement is that it should be done with client side Javascript code, and the server can use either javascript or java.

Answer 1

You can definitely use OAuth in a Google Chrome extension, although bear in mind that your application keys and secrets will be readable in the bundle.

For more information: http://code.google.com/chrome/extensions/tut_oauth.html (the example uses one of Google's API enpoints but you could use any OAuth1.0a provider). Since you are interested in doing a Chrome extension you will not be affected by the normal hassle of request origin (cross site scripting) restrictions.

You can use "normal" userid and password authorization as well of course (especially over SSL/HTTPS). If you plan on going public with the APIs then I would recommend OAuth though.