How is it possible to not expose your secret key with a JavaScript OAuth library?

一向 2021-02-02 10:09

Looking at Twitter OAuth Libraries, I saw this note:

Be cautious when using JavaScript with OAuth. Don't expose your keys.

Then, lo

3 answers
  •  无人共我
    2021-02-02 10:45

    You could also make a script that sends all necessary values and parameters to the server to do the signing with.

    The signed URL can then be sent back to the client (browser) that in turn does the actual request.

    I have implemented OAuth 1.0a on the Twitter API that way using jsonp requests. The benefit of this is that the response body is not relayed via your server, saving bandwidth.

    That way you can have your cookie and eat it too.
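
The flow described in this answer, sketched as an added example that is not part of the original post: a Node.js server signs the request with OAuth 1.0a HMAC-SHA1 and returns only the signed URL, so neither secret reaches the browser. The credentials, the `api.example.com` endpoint, the allowlist and the names `signUrl`, `CREDS` and `ALLOWED` are assumptions made for illustration.

```javascript
// Runs on the server (Node.js). The two secrets never leave this process.
const { createHmac, randomBytes } = require('crypto');

// Constructed placeholder credentials and endpoint; load real ones from server-side config.
const CREDS = { consumerKey: 'example-consumer-key', consumerSecret: 'example-consumer-secret',
                token: 'example-user-token', tokenSecret: 'example-token-secret' };
// Only sign requests the application actually needs, so the endpoint is not a signing oracle.
const ALLOWED = new Set(['GET https://api.example.com/1/timeline.json']);

// RFC 3986 percent-encoding, as OAuth 1.0a requires (encodeURIComponent leaves !'()* bare).
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());
const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);

// Returns a signed URL that the browser can request directly (for example via JSONP).
// nonce and timestamp are parameters only so that a signature can be reproduced in tests.
function signUrl(method, baseUrl, params, creds = CREDS,
                 nonce = randomBytes(16).toString('hex'),
                 timestamp = Math.floor(Date.now() / 1000)) {
  method = method.toUpperCase();
  if (!ALLOWED.has(`${method} ${baseUrl}`)) throw new Error('request not allowed');
  // Drop client-supplied oauth_* keys: only the server sets protocol parameters.
  const safe = Object.fromEntries(
    Object.entries(params).filter(([k]) => !k.startsWith('oauth_')));
  const all = { ...safe,
    oauth_consumer_key: creds.consumerKey, oauth_token: creds.token,
    oauth_nonce: nonce, oauth_timestamp: String(timestamp),
    oauth_signature_method: 'HMAC-SHA1', oauth_version: '1.0' };
  // Normalized parameters: encode, sort by key then value, join as k=v pairs.
  const query = Object.entries(all)
    .map(([k, v]) => [enc(k), enc(v)])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => `${k}=${v}`).join('&');
  // Signature base string and signing key as defined by OAuth 1.0a.
  const baseString = [method, enc(baseUrl), enc(query)].join('&');
  const key = `${enc(creds.consumerSecret)}&${enc(creds.tokenSecret)}`;
  const signature = createHmac('sha1', key).update(baseString).digest('base64');
  return `${baseUrl}?${query}&oauth_signature=${enc(signature)}`;
}
```

The JSONP `callback` parameter has to be passed in `params`, because every query parameter is covered by the signature and the browser cannot append one afterwards.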
