I currently have a Javascript client in the making that obscures the consumer secret by doing all the signing logic in a server-side PHP script, or in case of POSTs do the request via the server entirely.
This makes it more secure than for instance many Android apps, who have their consumer secrets as a plain static member or even as a string resource in xml.
Still I’m having difficulty getting the right combination of URL encoding going on.
URLs that work on the Android app don’t work in Javascript (I’m using jQuery).
Other endpoints do work for me, so it probably has to do with the encoding of the query.
Java and Javascript URL encoding differ a bit. Are you aware of anything with this that could cause this?
Thanks in advance.
