How to store client id and secret in html / js clients for OAuth 2.0

Question

How to store client id and secret in html / js clients for OAuth 2.0

I recently implemented OUTH 2.0 (with tastypie ) to my API. Now I am creating emberjs based on JS client. How can I securely store Client ID and Client Secret? Local storage, which I would guess, doesn't help, as the user can just get the client id and secret easily. The same goes for storing cookies. I've been trying to research best practices for a while, but I can't find anything. Any thoughts on how others are solving this problem? Any resources would be much appreciated.

+3

security oauth-2.0

Jonathan 14 nov. 14 at 5:51

source to share

No one has answered this question yet

Check out similar questions:

548

How is OAuth 2 different from OAuth 1?

544

How does OAuth 2 protect against things like replay attacks using a security token?

210

OAuth 2.0: Benefits and Use Cases - Why?

70

How to keep the privacy of an OAuth consumer safe and how to react when it is compromised?

68

How to keep client credentials private using the OAuth2 Resource Owner account grant type

68

OAuth 2.0 client secret

2

OAuth 2.0 client ids in Django / tastypie implementation

0

OAuth 2.0 authorization code flow using javascript

0

OAuth client id and secret handling

0

OAuth 2.0 public client impersonation

How to store client id and secret in html / js clients for OAuth 2.0

More articles: