What is the best safe way to use Twitter OAuth authentication in JavaScript?
I am trying to write a program so that the user can analyze his use of Twitter and followers / friends. I wrote a server side version that works using the tweepy python module.
I would like to share it with people, but I would like it to work in a browser in order to be scalable and works on my small server.
I see another question why the result is not recommended and unsafe: JavaScript OAuth logs in with Twitter
Which makes sense if you send the secret secret of a user or user (application) to a JavaScript application.
But why can't I create a server side url like here, http://djangosnippets.org/snippets/1353/
Then send the authentication URL back to the browser, something like this on the OAuth Tool page on the Twitter My Applications page (invalid credentials)
GET & HTTPS% 3A% 2F% 2Fapi.twitter.com% 2F1% 2F & get% 252Faccount% 252Fverify_credentials_json% 3D% 26oauth_consumer_key% GD0bgcgMU4MDwNfKQpLFQS3% 26oauth_nonce% 3D24ad5049501dee1292afd8cf22307d68% 26oauth_signature_method% 3DHMAC-SHA1% 26oauth_timestamp% 3D1329173626% 26oauth_token% uPUpxsBc3D283768289LtQ6R1Ez1KeD8DOSsm5XpqJaKI28ysYh% 26oauth_version% 3D1.0
Then use jQuery to authenticate with the user credentials and run the analysis.
This is a significant part of the work, I would not want to do this, and then I found out that it does not work or is unsafe. (or it's already done)
It is safe? He does not seem to reveal any secrets.
Will this work?
Any pointers / examples on the right authentication path for jQuery noob, with the necessary Authorization: header and cookie / redirect processing?
I feel that I have something missing, and there is a reason that it will not work, or it should already exist somewhere, but did not find it. Many thanks!