3

I want to use OAuth in one of my apps, specifically a Google Chrome extension. Can it be done through JavaScript code? My only requirement is that it should be done with client side Javascript code, and the server can use either JavaScript or Java.

If this cannot be done, then can I use simple userid-password authentication?

Again, my only requirement is that it should be done with client side Javascript code, and the server can use either javascript or java.

Improve this question
2
  • With a client, do you mean a browser based client? Commented Jun 3, 2012 at 18:17
  • I want to create a google chrome extension, which should connect with my OAuth API and then send/receive data using that Api...so by client i mean google chrome extension which is locally installed in user's browser... Commented Jun 4, 2012 at 8:13

2 Answers 2

Reset to default
1

You can definitely use OAuth in a Google Chrome extension, although bear in mind that your application keys and secrets will be readable in the bundle.

For more information: http://code.google.com/chrome/extensions/tut_oauth.html (the example uses one of Google's API enpoints but you could use any OAuth1.0a provider). Since you are interested in doing a Chrome extension you will not be affected by the normal hassle of request origin (cross site scripting) restrictions.

You can use "normal" userid and password authorization as well of course (especially over SSL/HTTPS). If you plan on going public with the APIs then I would recommend OAuth though.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

JavaScript is pure client side scripting language. It cant be used in server side.

Second, If you want your client get authenticated there must be a server side program to do so.

Improve this answer

2 Comments

Javascript can run on the server. Old Microsoft ASP allowed (their version of?) javascript and Node.js does it today. @arvind You should not think in javascript or other language but "client side" and "server side"; where you should consider client side as totally readable and rearrangeable by the user. So if you get OAuth data to your client - can the user abuse it in any way? Can someone else abuse it? (this doesn't answer your question though)
JavaScript can be used server side. You can use it via Node.js, or use it using javas built-in JavaScript-Engine (don't know if OpenJDK has it, Oracles certainly does).

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.