I am planning to create an app that uses JavaScript and it needs to use OAuth to authenticate user for a website. Can anyone help me out please? Any sample code? I know about the Google Code Javascript OAuth library but I am not sure how to implement that..
+3
A:
Post your question to OAuth Google group. You will get more responses there.
Many people don't agree with me but I don't think OAuth is suitable for Javascript. There is no way to keep consumer secret in the browser. OAuth should be implemented in a server.
ZZ Coder
2009-08-04 01:31:28
I would agree if that meant just Javascript on Browsers, but Javascript is used in other environments too, i.e. WebOS, and is entirely valid there.
pablasso
2010-04-19 18:47:21
+11
A:
There is a JS client implementation for OAuth here: http://oauth.googlecode.com/svn/code/javascript/
It contains example code to get you running. Basically, what you do is this:
var url = "...";
var accessor = {
token: "...",
tokenSecret: "...",
consumerKey : "...",
consumerSecret: "..."
};
var message = {
action: url,
method: "GET",
parameters: {...}
};
OAuth.completeRequest(message, accessor);
OAuth.SignatureMethod.sign(message, accessor);
url = url + '?' + OAuth.formEncode(message.parameters);
// send request to 'url'
...
Cheers, Matthias
Matthias
2009-08-17 09:10:03
I think tokenSecret and consumerSekret parameters are supposed to be secret! How could they remain secret when downloaded to browser?!!!
Maysam
2010-02-26 20:04:41
By using SSL, for instance. But, yes, OAuth in a browser environment is certainly suspect to security problems.
Matthias
2010-02-28 13:47:47