Client-side Javascript auth?

appdotnet / api-spec

App.net API Documentation is on the web at https://developers.app.net. Source for these docs is in the new-docs branch here. Please use the issue tracker and submit pull requests! Help us build the real-time social service where users and developers come first, not advertisers.

https://developers.app.net

952 stars 99 forks source link

Client-side Javascript auth? #235

Open valpackett opened 11 years ago

valpackett commented 11 years ago

auth.md:

If you're building a client-side Javascript app or a mobile app that doesn't have an associated back-end server, you'll find that you need to take some special steps to keep your client_secret confidential.

How can I keep my client_secret confidential if I want to build a 100%-browser JavaScript app? How is the secret used? I don't see it in the URL examples of the client-side flow.

mattflaschen commented 11 years ago

This text could be clearer. But the bottom line is, the secret is not used in the client-side flow. I've used this flow in my own 100% browser app (App Passant) and it works fine.

valpackett commented 11 years ago

That's the issue… This line of documentation is confusing