Is it good to implement OAuth in JS and expose the consumer key and secret?

I want to develop a Twitter client for Chrome. I've seen the JS files of existing Twitter extensions for Chrome, and found that their consumer keys and secrets had been revealed. I believe that this is not how it should be.

I want to share my opinion: do it server side. The user must register on my website and do the OAuth there. I will save their access tokens. When they install my Chrome extension, I will ask them to log in. And every time they tweet, I will take their access tokens and make their tweet possible.

This way, my keys will remain hidden. I don't want to use Chrome OAuth.

Do you think the server side OAuth implementation is better than the JS implementation?

+3
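The server-side design described in the question, sketched as an added example (not code from either poster or from the linked project): the server keeps the consumer secret and the saved access tokens and does the signing, while the extension only sends a session id. OAuth 1.0a HMAC-SHA1 signing is assumed because the question speaks of a consumer key and secret; the endpoint URL, all key and token values and all function names are constructed placeholders.

```javascript
const crypto = require('node:crypto');

// Constructed sample values. In a deployment these exist only on the server
// (loaded from its secret store), never in the extension's JS files.
const CONSUMER = { key: 'sample-consumer-key', secret: 'sample-consumer-secret' };
// sessionId -> access token pair saved after the user authorised on the website.
const tokenStore = new Map([['sess-123', { token: 'sample-access-token', secret: 'sample-token-secret' }]]);
const TWEET_URL = 'https://api.example.test/statuses/update'; // placeholder endpoint

// RFC 3986 percent-encoding as OAuth 1.0a requires (RFC 5849, section 3.6).
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Signature base string: METHOD & encoded URL & encoded, sorted parameter list.
function signatureBase(method, url, params) {
  const normalized = Object.entries(params)
    .map(([k, v]) => [enc(k), enc(v)])
    .sort(([ak, av], [bk, bv]) => (ak < bk ? -1 : ak > bk ? 1 : av < bv ? -1 : av > bv ? 1 : 0))
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
  return [method.toUpperCase(), enc(url), enc(normalized)].join('&');
}

// HMAC-SHA1 keyed with "consumerSecret&tokenSecret"; both halves stay server side.
function sign(base, consumerSecret, tokenSecret) {
  return crypto.createHmac('sha1', `${enc(consumerSecret)}&${enc(tokenSecret)}`).update(base).digest('base64');
}

// What the server builds when the extension posts { sessionId, status }.
function buildSignedTweet(sessionId, status, nonce, timestamp) {
  const user = tokenStore.get(sessionId);
  if (!user) throw new Error('unknown session');
  const oauth = {
    oauth_consumer_key: CONSUMER.key,
    oauth_nonce: nonce,
    oauth_signature_method: 'HMAC-SHA1',
    oauth_timestamp: String(timestamp),
    oauth_token: user.token,
    oauth_version: '1.0',
  };
  oauth.oauth_signature = sign(signatureBase('POST', TWEET_URL, { ...oauth, status }), CONSUMER.secret, user.secret);
  const header = 'OAuth ' + Object.keys(oauth).sort().map((k) => `${enc(k)}="${enc(oauth[k])}"`).join(', ');
  return { method: 'POST', url: TWEET_URL, headers: { Authorization: header }, body: `status=${enc(status)}` };
}

// The extension's side of the exchange: a session id and the tweet text, nothing else.
const extensionRequest = (sessionId, status) => JSON.stringify({ sessionId, status });
```

The session id becomes the credential the extension holds, so the server has to treat it like one: issue it over TLS after login, expire it, and rate-limit what it can post.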




1 answer


I think not sharing this data at all is better, but that is more difficult to do in a Chrome extension, as it is more front-end development (unless you want to maintain your own server for the extension...). I don't think there are too many risks in exposing your OAuth credentials. If they are used by attackers to attack Twitter, Twitter will block access and you can simply apply for new keys. Your users' keys will be safely stored on their own machines, so the user data is in order. If you're looking for an easy way to implement the OAuth2 protocol in an extension, here is a utility I created to do just that.

https://github.com/jjNford/oauth2-chrome-extension



I am using this implementation myself in this extension.

0

