Embedding a customer ID in the chrome extension

Question

Embedding a customer ID in the chrome extension

I am creating a chrome extension that will interact with the salesforce-chatter api. But for a user using oAuth authentication (User agent flow), I need to embed my client key in the extension.

Will this cause a security problem? Or is there a way to use oAuth without embedding the client ID in the extension?

+5

google-chrome-extension oauth oauth-2.0 salesforce salesforce-chatter

Selvaraj MA Jul 28 '12 at 6:49

source share

3 answers

, Salesforce, . , , .

+2

Matt Lacey 30 . '12 2:40

Matt , , . - :

?

-. .

0

Daniel Blackhall 01 . '12 7:41

Jan Gerlinger · Accepted Answer · 2012-08-06T13:48:41+0000

The customer ID must be included in the request, so the provider knows that the request came from you, as @Matt Lacey already indicated. Typically, the provider also provides the client’s secret secret, which is additionally included in the access token request, so the provider can check if your application is allowed to use this client identifier.

Chrome extensions run on an open platform, and the platform itself does not provide any methods for authenticating an extension on a server (which would also have to support an additional resource) or preserving properties (it would be difficult, if not impossible, on an open platform), so maintaining privacy client confidentially, unfortunately, is not possible.

, OAuth (. 10.1 10.2 ). , .

, Android , .

Embedding a customer ID in the chrome extension

More articles: