I understand the basics of oauth, and I've used it in application before, but never like this.
I've got an oauth2 based api I wrote, and I'm writing a javascript application (in backbone.js), and I want to access the api with it.
My problem is that I need to obtain an access token for the js app. Normally I'd request a token with something like example.com/oauth2/token?开发者_Python百科client_id=<client-id>&client_secret=<client-secret>&....
If my client secret is supposed to be, well, secret, should I be putting it in my application js?
What's the proper way to do oauth2 over javascript?
My users/app is also the "source" for oauth, so I'm not going to be doing any kind of 3rd party user authentication, as they'll already be logged into the site.
I think you should obtain the access token from the server. This way, your client secret is kept secret on the server. In other words, your server will serve as a proxy for the OAuth exchange.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论