0 votes
1 view
in Salesforce by (11.9k points)

I am building a chrome extension which will interact with salesforce-chatter api. But for a user using OAuth(User-agent flow) authentication, I need to embed my client key in my extension.

Will this cause any security problem? Or is there a way to use oAuth without embedding client id in my extension?

1 Answer

0 votes
by (32.1k points)

The client id has to be added in a request, so the provider knows that the request was issued from you. Usually, the provider also issues a confidential client secret that is additionally incorporated in the access token request, so the provider can confirm that your app is authorized to use that client id.

Welcome to Intellipaat Community. Get your technical queries answered by top developers !

Categories

...