I understand the basics of oauth, and I used it in the application before, but I never like this.
I have an oauth2 based api that I wrote and I am writing a javascript application (in backbone.js) and I want to access it using api.
My problem is that I need to get the access token for the js application. I usually requested a token with something likeexample.com/oauth2/token?client_id=<client-id>&client_secret=<client-secret>&....
If my client secret should be, well, a secret, should I put it in my js application?
What is the correct way to do oauth2 over javascript?
My users / application are also the "source" for oauth, so I am not going to perform any authentication of third-party users, since they will already be registered on the site.
source
share