Secure OAuth in Javascript


I have an API which uses OAuth 1.0a to authenticate applications using it. It's replacing an old API which used a number of custom-built and hodge-podge calls which are being d

3 answers
  •  盖世英雄少女心
    2021-01-30 12:26

    I wrote a site that does OAuth login via a JavaScript library for OAuth. This is the workflow:

    1. OAuth is only supported on browsers that have LocalStorage
    2. The login form will check LocalStorage for OAuth keys and try an OAuth login automatically if OAuth keys exist.
    3. There is a checkbox for "remember me" on login form, so a user can have OAuth tokens created for them on login.
    4. A successful login w/ remember me will:
      • find or create ClientApplication with the name equal to User Agent, and create the tokens if necessary
      • respond with a JavaScript tag in the HTML response. The JavaScript tag will call a JavaScript function with the tokens passed as arguments. This function will save the OAuth tokens to LocalStorage.
    5. An unsuccessful OAuth login attempt will:
      • respond with a JavaScript tag in the HTML response. The JavaScript tag will call a JavaScript function to clear the LocalStorage settings for OAuth tokens. This will prevent additional OAuth login attempts.

    There is some more detail to this process; I can tell you more about it if you want me to.
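
The client-side half of the workflow in the answer above, as an added example that is not part of the original answer or the answerer's site. The storage key names, the function names and the `login` callback are assumptions, and `memoryStorage` stands in for `window.localStorage` so the block runs outside a browser.

```javascript
// Added illustration of the workflow's client side; every name here is hypothetical.
const KEYS = { token: "oauth_token", secret: "oauth_token_secret" };

// Step 1: feature-detect storage. Some browsers expose localStorage but throw on write.
function storageUsable(store) {
  try {
    store.setItem("__oauth_probe__", "1");
    store.removeItem("__oauth_probe__");
    return true;
  } catch (_) {
    return false;
  }
}

// Step 4: the function the server's script tag calls after a "remember me" login.
function saveOAuthTokens(store, token, secret) {
  if (typeof token !== "string" || typeof secret !== "string" || !token || !secret) {
    throw new TypeError("token and secret must be non-empty strings");
  }
  store.setItem(KEYS.token, token);
  store.setItem(KEYS.secret, secret);
}

// Step 5: the function the server's script tag calls after a failed OAuth login.
function clearOAuthTokens(store) {
  store.removeItem(KEYS.token);
  store.removeItem(KEYS.secret);
}

// Step 2: try an automatic login only when both keys exist. `login` is an assumed
// async callback resolving to true/false; if it throws, the tokens are left alone.
async function tryAutoLogin(store, login) {
  if (!storageUsable(store)) return "unsupported";
  const token = store.getItem(KEYS.token);
  const secret = store.getItem(KEYS.secret);
  if (!token || !secret) { clearOAuthTokens(store); return "no-tokens"; }
  if (!(await login(token, secret))) { clearOAuthTokens(store); return "rejected"; }
  return "logged-in";
}

// In-memory stand-in for window.localStorage (same three methods).
function memoryStorage() {
  const m = new Map();
  return {
    getItem: (k) => (m.has(k) ? m.get(k) : null),
    setItem: (k, v) => void m.set(k, String(v)),
    removeItem: (k) => void m.delete(k),
  };
}
```

In a page, pass `window.localStorage` as `store`. Whatever is saved there is readable by every script running on the origin, so an XSS flaw exposes the token and its secret.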
