Is it good to implement OAuth in JS and expose the Consumer Secret and Key?


I want to develop a Twitter client for Chrome. I have looked at the JS files of existing Twitter extensions for Chrome and found that their consumer keys and secrets are exposed. I believe that's not the way it should be.

I want to share my opinion, which is to do it server side. The user needs to sign up on my website. I will have OAuth on that website and save their access tokens. When they install my Chrome extension, I will ask them to log in. Every time they tweet, I will fetch their access tokens online and make their tweet possible.

In this way, my keys will remain hidden. I don’t want to use Chrome OAuth.

Do you think my server-side implementation of OAuth is better than a JS implementation?


Sorry, it was posted as a duplicate.
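The server-side split described in the question, as an added sketch that is not part of the original post: the extension sends only a session id and the tweet text, and the server looks up the stored access token and computes the OAuth 1.0a HMAC-SHA1 signature (RFC 5849) with the consumer secret it alone holds. The endpoint URL, key and token values, session id and function names are all constructed for illustration.

```javascript
const crypto = require('crypto');

// Constructed sample values; a real server loads these from its secret store.
const CONSUMER_KEY = 'constructed-consumer-key';
const CONSUMER_SECRET = 'constructed-consumer-secret';
// Access tokens saved at sign-up, keyed by the session the extension presents.
const TOKENS_BY_SESSION = new Map([
  ['session-abc', { token: 'constructed-access-token', secret: 'constructed-token-secret' }],
]);

// RFC 3986 percent-encoding, as RFC 5849 section 3.6 requires.
const enc = (s) => encodeURIComponent(s)
  .replace(/[!'()*]/g, (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Signature base string: METHOD & encoded URL & encoded, sorted parameters.
function baseString(method, url, params) {
  const pairs = Object.entries(params).map(([k, v]) => [enc(k), enc(v)]);
  pairs.sort((a, b) => (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : 0));
  const joined = pairs.map(([k, v]) => `${k}=${v}`).join('&');
  return [method.toUpperCase(), enc(url), enc(joined)].join('&');
}

// Hypothetical server-side handler: input is what the extension sends.
function signTweet(sessionId, status, url, nonce, timestamp) {
  const stored = TOKENS_BY_SESSION.get(sessionId);
  if (!stored) return { ok: false, error: 'unknown session' };
  const oauth = {
    oauth_consumer_key: CONSUMER_KEY,
    oauth_nonce: nonce,
    oauth_signature_method: 'HMAC-SHA1',
    oauth_timestamp: String(timestamp),
    oauth_token: stored.token,
    oauth_version: '1.0',
  };
  const base = baseString('POST', url, { ...oauth, status });
  const key = `${enc(CONSUMER_SECRET)}&${enc(stored.secret)}`;
  oauth.oauth_signature = crypto.createHmac('sha1', key).update(base).digest('base64');
  const header = 'OAuth ' + Object.keys(oauth).sort()
    .map((k) => `${enc(k)}="${enc(oauth[k])}"`).join(', ');
  // The header travels server-to-API only; the extension receives clientReply.
  return { ok: true, authorizationHeader: header, clientReply: { posted: true } };
}
```

Neither secret appears in the Authorization header or in the reply to the extension, so the security of this design rests on how the extension's session with the server is authenticated and protected.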