Hey Sander, Thanks for the reply. So I have my app setup as described in that article you shared under "Browser-based Apps <https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#browser-based-apps>". The problem is that any request to the API with a url like: https://domain.com/api/1.0/getData?access_token=123456789abc can be copied and executed on another other website and/or through terminal. Is there anyway I can pass the access token from angular through the http/ajax request without a users being able to copy and paste the url/access token from their browser's inspector?
Thanks On Tuesday, 9 June 2015 13:18:04 UTC+1, Sander Elias wrote: > > Hi Callumn, > > With OAuth2 you can authorize your angular client, without putting the id > and secret in the application. That's the main idea behind OAuth2. You > authenticate your client, and hand out an token to your web-app. On every > request, you add the token, so your server knows it's an authorized user. > This article > <https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified> might > help you. To authenticate, you can leave your secret on the server, you > don't need to transfer it to the web-app. > But if there is no need to put your REST inside a protected area, that is > certainly the easiest way out. However, be aware that this might make your > app vulnerable to scraping and other kinds of (ab)use, you might not like. > > Regards > Sander > -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
