Explore Courses Blog Tutorials Interview Questions
0 votes
1 view
in Salesforce by (11.9k points)

I am building a chrome extension which will interact with salesforce-chatter api. But for a user using OAuth(User-agent flow) authentication, I need to embed my client key in my extension.

Will this cause any security problem? Or is there a way to use oAuth without embedding client id in my extension?

1 Answer

0 votes
by (32.1k points)

The client id has to be added in a request, so the provider knows that the request was issued from you. Usually, the provider also issues a confidential client secret that is additionally incorporated in the access token request, so the provider can confirm that your app is authorized to use that client id.

Browse Categories