user2239655

Reputation: 840

OAuth in JavaScript

I'm creating a web application and I would like to allow users to authenticate using Facebook, Gmail via OAuth. I thought that I would use a server solution, but I found this:

https://oauth.io/

And my question is: what do you think about this ;)? Is it secure? Is it better to use a server solution or a client one? It is very simple, but I'm a newbie in JS and I don't know what to think about it. Thanks for all answers.

Upvotes: 4

Views: 138

Answers (1)

kapex

Reputation: 29949

It is only secure if you trust the organization that provides the service. It looks like they could impersonate a user to your application and the OAuth provider.

You can't use a pure JS client-side solution, as this would expose your secret keys. You have to use a service or server-side solution for OAuth.

If you want a quick solution for a small site or want to use a lot of providers, a service like this seems fine. For larger projects I would probably set up my own server-side solution at some point. This requires quite some reading about OAuth protocols and OAuth provider APIs and/or OAuth libraries, though. I would recommend sticking to well-tested libraries and not rolling your own, unless you are proficient in OAuth and really need a customized solution.

There is also an open source version of oauth.io that you can run on your own server: https://github.com/oauth-io/oauthd

Upvotes: 3
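To illustrate the point above about secret keys, here is an added example (not part of the original answer and not oauth.io's code) of the server-side half of a login in Node.js, assuming the OAuth 2.0 authorization-code flow. The provider endpoints, client id, redirect URI and function names are constructed placeholders, and `session` is assumed to be per-user storage held on the server.

```javascript
// Added example. Endpoints, client id and redirect URI are constructed
// placeholders; `session` is assumed to be per-user server-side storage.
const crypto = require("node:crypto");

const AUTHORIZE_URL = "https://provider.example/oauth/authorize";
const TOKEN_URL = "https://provider.example/oauth/token";
const CLIENT_ID = "example-client-id"; // public by design
const REDIRECT_URI = "https://app.example/oauth/callback";

// Step 1, on the server: build the URL the browser is redirected to.
// Only the public client id and a random, single-use state leave the server.
function beginLogin(session) {
  session.oauthState = crypto.randomBytes(16).toString("hex");
  const url = new URL(AUTHORIZE_URL);
  url.searchParams.set("response_type", "code");
  url.searchParams.set("client_id", CLIENT_ID);
  url.searchParams.set("redirect_uri", REDIRECT_URI);
  url.searchParams.set("state", session.oauthState);
  return url.toString();
}

// Step 2, on the server: handle the provider's redirect back. The state must
// match the one stored for this session before the code is exchanged.
function buildTokenRequest(session, query, clientSecret) {
  const expected = Buffer.from(session.oauthState || "");
  const got = Buffer.from(String(query.state || ""));
  session.oauthState = null; // a state value is valid once
  if (expected.length === 0 || expected.length !== got.length ||
      !crypto.timingSafeEqual(expected, got)) {
    throw new Error("state mismatch");
  }
  if (!query.code) throw new Error("missing authorization code");
  return {
    url: TOKEN_URL,
    method: "POST",
    headers: { "Content-Type": "application/x-www-form-urlencoded" },
    body: new URLSearchParams({
      grant_type: "authorization_code",
      code: query.code,
      redirect_uri: REDIRECT_URI,
      client_id: CLIENT_ID,
      client_secret: clientSecret, // from server config, e.g. an environment variable
    }).toString(),
  };
}
```

The returned object can be handed to any HTTP client running on the server; the browser only ever sees the authorization URL and whatever session the application issues afterwards.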
