I have my app setup as described in this <https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#web-server-apps> article you shared under "Web Server Apps <https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified#web-server-apps>" section. The problem is that any request to the API with a url like: https://domain.com/api/1.0/getData?access_token=123456789abc can be copied and executed on another other website and/or through terminal. Is there anyway I can pass the access token from angular through the http/ajax request without a users being able to copy and paste the url/access token from their browser's inspector?
Someone did tell me that access tokens are bound to the domain that made the request and therefore if someone copied the url with access token and executed it,it wouldn't work. But I can take an api GET request that has an access token and use that GET url request in an iframe to get the same data. Can someone shed some light on what's going on here? -- You received this message because you are subscribed to the Google Groups "OAuth" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
