OAuth authentication and JS REST API



Hi, I’m going to write a web client to post/view tweets on Twitter. The best would be to avoid using server code, but from reading posts and documentation I’ve seen this is not feasible with Twitter. Starting from this point, I would like at least to be able to use server code only to authenticate and return a sort of token to be used in the client with the REST API. Is this feasible? Could you please give some hint or a link to some docs where this kind of interaction is explained?



I don’t think that would work, as you would need to embed tokens into your JavaScript code, which could be easily retrieved. Additionally, due to the cross-origin policies of web browsers, you would not be able to make requests to the Twitter API directly.
Personally I don’t think that is easy to do without a full-featured server backend, but maybe someone else here on the forum has an idea how to solve the mentioned problems?


Well, the idea is to leave on the server only the PHP used for the authentication and execute the client stuff on the local machine, which retrieves the OAuth tokens from a server. My original idea was to have a JavaScript API only, but I’ve read this is deprecated and also not recommended because of security issues. I just don’t get why Twitter doesn’t follow the route of other socials where you can raise the authentication UI from a JS method and completely avoid server code. Maybe if Twitter doesn’t follow that route, it probably doesn’t want clients like that.
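
The split this thread discusses, with the secrets kept on a server that signs each request so the browser never holds them, shown as an added example (not code from any poster or from Twitter). It assumes OAuth 1.0a HMAC-SHA1 signing as specified in RFC 5849; the credentials, endpoint host and function names are constructed placeholders.

```javascript
// Added example: server-side OAuth 1.0a (RFC 5849) HMAC-SHA1 signing in Node.js.
const { createHmac } = require('node:crypto');

// RFC 3986 percent-encoding; encodeURIComponent leaves !*'() unescaped.
const enc = (s) => encodeURIComponent(s).replace(/[!*'()]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Order encoded pairs by name, then by value, as the spec requires.
const byPair = (a, b) =>
  (a[0] < b[0] ? -1 : a[0] > b[0] ? 1 : a[1] < b[1] ? -1 : a[1] > b[1] ? 1 : 0);

// Signature base string: METHOD & encoded URL & encoded, sorted parameter string.
function baseString(method, url, params) {
  const pairs = Object.entries(params)
    .map(([k, v]) => [enc(k), enc(v)])
    .sort(byPair)
    .map(([k, v]) => `${k}=${v}`)
    .join('&');
  return [method.toUpperCase(), enc(url), enc(pairs)].join('&');
}

// The signing key is built from both secrets, so this must run on the server.
function sign(method, url, params, secrets) {
  const key = `${enc(secrets.consumerSecret)}&${enc(secrets.tokenSecret)}`;
  return createHmac('sha1', key).update(baseString(method, url, params)).digest('base64');
}

// Authorization header the server attaches before forwarding the client's call.
function authHeader(method, url, requestParams, creds, nonce, timestamp) {
  const oauth = {
    oauth_consumer_key: creds.consumerKey,
    oauth_nonce: nonce,
    oauth_signature_method: 'HMAC-SHA1',
    oauth_timestamp: String(timestamp),
    oauth_token: creds.token,
    oauth_version: '1.0',
  };
  oauth.oauth_signature = sign(method, url, { ...requestParams, ...oauth }, creds);
  return 'OAuth ' + Object.keys(oauth).sort()
    .map((k) => `${enc(k)}="${enc(oauth[k])}"`).join(', ');
}

// Constructed placeholder credentials and endpoint, not real values.
const CREDS = { consumerKey: 'ck-example', consumerSecret: 'cs-example',
  token: 'tok-example', tokenSecret: 'ts-example' };
const ENDPOINT = 'https://api.example.test/1.1/statuses/update.json';
const header = authHeader('POST', ENDPOINT, { status: 'Hello world!' }, CREDS, 'nonce123', 1700000000);
console.log(header);
```

The browser sends only the request parameters to the server over the site's own session; the server adds this header and relays the call, which also sidesteps the cross-origin restriction mentioned above.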