facebook comments
i.imgur.com/ZgnfwVl.jpg
Kevin Switzer posted
Could get an access token with a short lifecycle or call an API you control to make the requests for you. You would still need authentication, so you will need some sort of OTP or short lifecycle token you generate.
Depends somewhat on the version of OAuth2 the API provided. Google has a good article on how to call their APIs, but they did OAuth 2 correctly:
developers.google.co...rAgent
Brandon Weber posted
what makes you think our OAuth2 API wasn't built correctly? ;)
Derek Brooks posted
I DID OAUTH2 CORRECTLY TOO
Clint James Ecker posted
Wasn't sure if you were consuming yours or a 3rd party API.
Brandon Weber posted
the tricky part is that we have some endpoints that use the client_credentials flow, so we can't do pure JS/implicit grants
Derek Brooks posted
twitter comments
@broox @clint how conceptual?
BonzoESC posted
@broox @clint I did that once, and it actually worked well. Sure felt strange, though!
leed0 posted
@broox i’m game, get my phone number from @leed0 or @clint or follow and i’ll dm
BonzoESC posted
@BonzoESC @leed0 @clint hit me up at derek@broox.com on email, hangouts, whatever!
broox posted
@broox @clint try t.co/jbEnYbeNgo - advice is don't try and do it yourself way too easy to mess it up.
scottgal posted
@broox @leed0 @clint added on hangouts
BonzoESC posted
@scottgal @clint implicit grants aren't sufficient as we need to authenticate userless clients as well.
broox posted
@broox @clint For userless you can only really use t.co/bJrSwMD6Fk Client Credentials Grant...but can't see how to secure that on JS.
scottgal posted
@scottgal yep, i totally understand that... i've built something that supports both client and user grants. email me! derek@broox.com
broox posted
@BonzoESC @broox @clint I will spare you an awkward hangout, my email is lee at arstechnica dot com
leed0 posted
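The approach suggested in the comments above (keep the client_credentials secret on an API you control and hand the browser only a short-lifecycle token), as an added example that is not code from any commenter or from the API under discussion. The token format, the 120-second lifetime, the function names and the sample paths are assumptions made for illustration.

```javascript
// Added example (Node.js): the backend mints and checks a short-lived token
// for the browser; the OAuth2 client secret never leaves the server.
const crypto = require('node:crypto');

const SIGNING_KEY = crypto.randomBytes(32); // server-only key (assumed: one per process)
const TTL_SECONDS = 120;                    // assumed "short lifecycle"

const b64url = (data) => Buffer.from(data).toString('base64url');
const sign = (payload) =>
  crypto.createHmac('sha256', SIGNING_KEY).update(payload).digest();

// Called after the browser session has authenticated to the backend.
// The token is bound to one session and one upstream path.
function mintToken(sessionId, allowedPath, nowSec = Math.floor(Date.now() / 1000)) {
  const claims = { sid: sessionId, path: allowedPath, exp: nowSec + TTL_SECONDS };
  const payload = b64url(JSON.stringify(claims));
  return `${payload}.${b64url(sign(payload))}`;
}

// Called by the proxy endpoint before it attaches its own client_credentials
// access token and forwards the request upstream.
function verifyToken(token, requestedPath, nowSec = Math.floor(Date.now() / 1000)) {
  const parts = String(token).split('.');
  if (parts.length !== 2) return { ok: false, reason: 'malformed' };
  const [payload, sig] = parts;
  const expected = sign(payload);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; a length mismatch is rejected first.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: 'bad-signature' };
  }
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, 'base64url').toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed' };
  }
  if (nowSec >= claims.exp) return { ok: false, reason: 'expired' };
  if (claims.path !== requestedPath) return { ok: false, reason: 'path-not-allowed' };
  return { ok: true, sid: claims.sid };
}
```

A token captured from the browser is only usable for the one path it was minted for and only until it expires, while the userless client_credentials exchange happens entirely server-side.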