I'm planning to access Google's APIs and do authentication using OAuth2. Since I'm going to access them from a Silverlight out-of-browser application I was wanting to know how to keep it secure enough.
I understand that keeping all the details necessary to authenticate on the client is a bit risky. By this I mean the client_id, client_secret, etc. as they could easily be obtained by someone else. So I was wondering how people get round this? Would you use a web service to initially contact Google when authenticating? If so, how can I help keep that secure so only my Silverlight client can access it?
OAuth client-side authentication does not expose any secret information. If you look at OAuth 2.0 for client-side web applications, you will see that the only required information is the public client_id.
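The request and redirect of the client-side flow mentioned in the answer above, as an added example that is not part of the original answer. It assumes Google's authorization endpoint; the function names are hypothetical and the client_id, redirect URI and token values are constructed placeholders.

```javascript
// Added example: client-side (token) flow. Only the public client_id is sent.
const GOOGLE_AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth";

// Random anti-CSRF value the client keeps until the redirect comes back.
function newState() {
  const bytes = crypto.getRandomValues(new Uint8Array(16));
  return Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join("");
}

// Build the authorization request. Note what is absent: no client_secret.
function buildAuthUrl(clientId, redirectUri, scope, state) {
  const url = new URL(GOOGLE_AUTH_ENDPOINT);
  url.search = new URLSearchParams({
    client_id: clientId,
    redirect_uri: redirectUri,
    response_type: "token",
    scope,
    state,
  }).toString();
  return url.toString();
}

// Parse the redirect the client receives. The token arrives in the URL
// fragment, and the state must match the value generated before the request.
function parseRedirect(redirectedUrl, expectedState) {
  const fragment = new URL(redirectedUrl).hash.replace(/^#/, "");
  const params = new URLSearchParams(fragment);
  if (params.get("error")) {
    return { ok: false, reason: "provider error: " + params.get("error") };
  }
  if (!expectedState || params.get("state") !== expectedState) {
    return { ok: false, reason: "state mismatch" };
  }
  const token = params.get("access_token");
  if (!token) {
    return { ok: false, reason: "no access_token in fragment" };
  }
  return {
    ok: true,
    accessToken: token,
    expiresIn: Number(params.get("expires_in")),
  };
}
```

Rejecting a redirect whose `state` does not match is what stops a token from being injected into the client by a link it did not initiate.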