发表新帖
发表新帖

How it is possible to not expose you secret key with a Javascript OAuth library?

后端 未结
关注
3 1255
一向
一向 2021-02-02 10:09

Looking at Twitter OAuth Libraries, I saw this note:

Be cautious when using JavaScript with OAuth. Don\'t expose your keys.

Then, lo

3条回答
  • 难免孤独
    难免孤独 (楼主)
    2021-02-02 11:08

    As said in the documentation linked by you:

    Written in JavaScript, jsOAuth aims to be a fully featured open source OAuth library for use in Adobe AIR, Appcelerator Titanium and PhoneGAP. In fact, anywhere that javascript can be used and has cross-domain XMLHttpRequests. For security reasons jsOAuth doesn't run in the browser. Browsers are only mentioned here for running the test suite. If you need jsOAuth in the browser, write an extension.

    A good answer to your added question is available here:

    • Secure OAuth in Javascript

    0 讨论(0)
 看不清?
提交回复
热议问题