Embedding client Id in chrome extension

Question

I am building a chrome extension which will interact with salesforce-chatter api. But for a user using OAuth(User-agent flow) authentication, I need to embed my client key in my extension.

Will this cause any security problem? Or is there a way to use oAuth without embedding client id in my extension?

Answer 1

The client id has to be added in a request, so the provider knows that the request was issued from you. Usually, the provider also issues a confidential client secret that is additionally incorporated in the access token request, so the provider can confirm that your app is authorized to use that client id.

Want to get certified in Salesforce? Here is the Salesforce Online Training you are looking for!