Proper method for accessing OAuth2 tokens via javascript

I understand the basics of oauth, and I've used it in applications before, but never like this.

I've got an oauth2 based api I wrote, and I'm writing a javascript application (in backbone.js), and I want to access the api with it.

My problem is that I need to obtain an access token for the js app. Normally I'd request a token with something like example.com/oauth2/token?client_id=<client-id>&client_secret=<client-secret>&....

If my client secret is supposed to be, well, secret, should I be putting it in my application js?

What's the proper way to do oauth2 over javascript?

My users/app is also the "source" for oauth, so I'm not going to be doing any kind of 3rd party user authentication, as they'll already be logged into the site.

zombor asked Oct 23 '22 22:10


1 Answer

I think you should obtain the access token from the server. This way, your client secret is kept secret on the server. In other words, your server will serve as a proxy for the OAuth exchange.

Jordão answered Nov 15 '22 05:11
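A sketch of the server-side proxy described in the answer above, as an added example that is not part of the original question or answer. All names (`CONFIG`, `handleTokenRequest`, the `/api/token` route, the session shape) are hypothetical, and it assumes the API's token endpoint accepts a POSTed form using the `client_credentials` grant.

```javascript
// Added example: server-side token proxy. All names are hypothetical.
// Assumptions: the token endpoint accepts a POSTed form with the
// client_credentials grant, and the site already has a login session object.
const CONFIG = {
  tokenUrl: "https://example.com/oauth2/token",
  clientId: "constructed-client-id",
  // Constructed value; in a real deployment this is read from server-side
  // configuration (environment, secret store) and never shipped in page JS.
  clientSecret: "constructed-client-secret",
};

// Build the request the SERVER sends to the token endpoint. The secret goes
// in the POST body, not the query string, so it stays out of URL logs.
function buildTokenRequest(config) {
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: config.clientId,
    client_secret: config.clientSecret,
  });
  return {
    url: config.tokenUrl,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: body.toString(),
  };
}

// Allow-list of fields passed on to the browser; anything else the token
// endpoint returns (a refresh token, for instance) stays on the server.
function toBrowserResponse(tokenJson) {
  return {
    access_token: tokenJson.access_token,
    token_type: tokenJson.token_type,
    expires_in: tokenJson.expires_in,
  };
}

// Handler for a hypothetical same-origin route such as GET /api/token.
// `send` performs the HTTP call and is injected so the example runs offline.
async function handleTokenRequest(session, send, config = CONFIG) {
  // Only a logged-in user of the site may have a token minted for them.
  if (!session || !session.userId) {
    return { status: 401, body: { error: "login_required" } };
  }
  const upstream = await send(buildTokenRequest(config));
  if (upstream.status !== 200 || !upstream.json.access_token) {
    return { status: 502, body: { error: "token_request_failed" } };
  }
  return { status: 200, body: toBrowserResponse(upstream.json) };
}
```

The Backbone app then calls the same-origin route with its normal session cookie and only ever sees the access token, which it sends to the API as a bearer token.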