How to store app_secret API with oauth in web client (javascript)?

V

vermus2014-06-26 08:01:32

JavaScript

vermus, 2014-06-26 08:01:32

Suppose I have a certain service with a REST API and an OAuth server. I want this api to be used by javascript client(s) on my own domain. That is, I want to write one API with oauth authorization and use it for any client (including the web).
What are the practices in this case? How to store app_secret (not even store it, you can store it in principle on the server side - how to close it from prying eyes?)?
Or do they not use oauth for web clients?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

R

Roman, 2014-11-29
@TrogWarZ

Hello vermus . Have you found a solution to this issue?

V

vermus, 2014-06-27
@vermus

Well, at least throw a couple of links - where to dig? I still see services that work separately. That is, a separate api , a separate web application (with its own POST and GET requests). This is done when you need to create an API for an existing site. If done from scratch, it violates the DRY principle.