I have a small server side web app which allow REST api commands to be executed from an external client. I have OAuth2 setup on the web app and I have a client setup in OAuth2 with a client id and client secret.
Externally, I have an angularjs client side website that I want to request api calls from the server side app via ajax/http requests. I want the angularjs app to publicly accessible and not require users to login to the angularapp to access it. The data the angularjs app is receiving from REST api is not sensitive. I know I can setup angularjs to send a client id and secret to the api REST app to help ensure that the api only accepts requests from trusted clients, but this would involve encoding the client id and secret into the angularjs' code and would be publicly accessible thus making the client restrictions on the REST app nulled. Is there anyway to secure the client id and secret into angularjs so it cannot be seen in any inspectors or by the users at all? Am I just better off making the public REST api request fully public and not require a client id and secret to be executed? -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
