I think I understand OAuth 1 pretty well, but I’m not sure how to go about using it from JavaScript. Making requests requires both an access token and a consumer secret, but making the consumer secret available to the JS seems problematic. Is there a recommended way to do this? I’d rather not have to make the JS make calls to a proxy service that knows the consumer secret.

My interpretation of the various flows described at is that I should be using the “Web applications” flow, but that seems to implicitly be assuming the OAuth calls are being made by the server, not locally by the JS. Is that right?

It seems like OAuth2 has a solution for this, via implicit grants, but that doesn’t seem to be a possibility with Twitter, yet.

Unless you’re using server-side JavaScript, we can’t recommend or support using OAuth 1.0a over JavaScript or in purely client-side browser-based contexts.
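The constraint discussed in this thread, shown as an added example that is not part of the original posts and is not Twitter's code: in OAuth 1.0a (RFC 5849) the HMAC-SHA1 key is built from the consumer secret and the token secret, so signing belongs in server-side JavaScript (Node.js here) and only the finished `Authorization` header leaves the server. The function names, the `api.example.com` URL and all credential values are constructed for illustration, and the sketch assumes no repeated parameter names.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding; encodeURIComponent leaves !'()* unescaped.
function pctEncode(s) {
  return encodeURIComponent(s).replace(/[!'()*]/g,
    c => '%' + c.charCodeAt(0).toString(16).toUpperCase());
}

const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);

// Signature base string: METHOD & encoded URL & encoded, sorted parameter string.
function baseString(method, url, params) {
  const pairs = Object.entries(params)
    .map(([k, v]) => [pctEncode(k), pctEncode(String(v))])
    .sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]))
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
  return [method.toUpperCase(), pctEncode(url), pctEncode(pairs)].join('&');
}

// The HMAC key is "consumer_secret&token_secret": whoever signs holds both secrets.
function sign(method, url, params, consumerSecret, tokenSecret) {
  const key = `${pctEncode(consumerSecret)}&${pctEncode(tokenSecret)}`;
  return crypto.createHmac('sha1', key)
    .update(baseString(method, url, params)).digest('base64');
}

// Built on the server; this header string is the only thing that reaches the browser.
function authHeader(method, url, oauthParams, requestParams, secrets) {
  const sig = sign(method, url, { ...oauthParams, ...requestParams },
    secrets.consumerSecret, secrets.tokenSecret);
  const all = { ...oauthParams, oauth_signature: sig };
  return 'OAuth ' + Object.keys(all).sort()
    .map(k => `${pctEncode(k)}="${pctEncode(all[k])}"`).join(', ');
}

// Constructed sample values, not real credentials.
const SAMPLE = {
  url: 'https://api.example.com/update.json',
  oauth: { oauth_consumer_key: 'ck-example', oauth_nonce: 'n0nce',
    oauth_signature_method: 'HMAC-SHA1', oauth_timestamp: '1300000000',
    oauth_token: 'tok-example', oauth_version: '1.0' },
  request: { status: 'Hello World!' },
  secrets: { consumerSecret: 'cs-example', tokenSecret: 'ts-example' },
};

function demoHeader() {
  return authHeader('POST', SAMPLE.url, SAMPLE.oauth, SAMPLE.request, SAMPLE.secrets);
}
```

Shipping `sign` and the consumer secret to the browser would let anyone who views the page source sign requests as the application, which is why the reply limits OAuth 1.0a to server-side use.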