Sharing an OAuth Token with 2 Rails Applications

I have 2 Rails applications that need to access a third-party API. Only one of the applications is under my control; the other is separate and out of my control. Another application uses OAuth to capture tokens and process requests. I would like to somehow build this OAuth application token, but I need to somehow safely transfer it to my application. I have a separate application agreement, so no problem, assuming we can find a solution that is safe and as seamless as possible.

The largest percentage is that both of these applications live on the same page (one displays the entire page, and the one that is under my control is simply responsible for some AJAX requests). That's why I can't just log in a second time: my AJAX-only application does not have a login interface and just has to stand on the shoulders of the main application.

Right now, I cannot come up with a solution that is not related to passing an insecure token in the HTML source code, which makes my AJAX application vulnerable to attack. Also, I would like the Rails application not to create routes to redirect my AJAX requests through their server.

Any suggestions on how to get the Rails application for AJAX to use the main Rails OAuth application will be greatly appreciated. Thanks.

1 answer

Can the token holder create an account for you to read?

Perhaps the site owner and you could use the OAuth strategy? (This can create significant overhead, but it will ensure the security of tokens.)


Source: https://habr.com/ru/post/1394518/

