Hello Community,

Sorry for going off topic, but I'm sure there are people here who could help me. Although most of the stuff described below is built in Node, my question is more of an architectural one.

I'm developing a public HTTP backend API for a service. On top of that, there is a web app that has users log in, and should use the backend API to fulfill user requests. The API supports OAuth2, and the web app is a single-page app, with loads of JavaScript. My concern is how the browser and the web app should talk with the API. I found two possible ways.

## Browser directly uses the API

When the user enters his credentials to log in, the web app passes them to the API and is given an OAuth access_token, which is directly passed to the browser and stored in some cookie. Then every request to the API is made directly from the browser through JSONP. When the user logs out, the web app destroys the session.

## Browser talks to web app, which talks to the API

When the user enters his credentials to log in, the web app passes them to the API and is given an OAuth access_token. A session is created with the User and the access_token is stored in the session. When the browser needs to talk to the API, it goes through the web app. The web app uses the access token in the session, calls the API, and delivers the response to the browser.

Both ways have pros and cons with performance and security trade-offs. What do you think?

Thanks a lot,
danmilon.

PS: from what I've seen, Twitter uses its public API directly from the browser, but passes session cookies for authentication. That means their API also supports cookie sessions?
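The second option described above (the browser talks only to the web app, which keeps the access_token in the session), sketched as an added example that is not part of the original post. The API origin `https://api.example.test`, the cookie name `sid` and all function names are assumptions made for illustration.

```javascript
const crypto = require('crypto');

const API_BASE = 'https://api.example.test'; // assumed API origin (placeholder)
const sessions = new Map(); // opaque session id -> { user, accessToken }

// Called after the web app has exchanged the user's credentials for a token.
function createSession(user, accessToken) {
  const sid = crypto.randomBytes(32).toString('hex');
  sessions.set(sid, { user, accessToken });
  // The cookie carries only the random id; HttpOnly hides it from page scripts.
  return { sid, setCookie: `sid=${sid}; HttpOnly; Secure; SameSite=Lax; Path=/` };
}

// Logout: drop the server-side session so the stored token is unreachable.
function destroySession(sid) {
  return sessions.delete(sid);
}

function sidFromCookie(cookieHeader) {
  const m = /(?:^|;\s*)sid=([0-9a-f]{64})(?=;|$)/.exec(cookieHeader || '');
  return m ? m[1] : null;
}

// Turn a browser request into the request the web app sends to the API.
function toUpstream(browserReq) {
  const session = sessions.get(sidFromCookie(browserReq.headers.cookie));
  if (!session) return { status: 401 };
  const target = new URL(browserReq.url, API_BASE);
  // Reject paths such as "//other.host/x" that would resolve off the API origin.
  if (target.origin !== API_BASE) return { status: 400 };
  return {
    status: 200,
    method: browserReq.method,
    url: target.href,
    // Built from scratch: browser cookies and any browser-sent Authorization
    // header are not forwarded; the token comes from the session only.
    headers: { authorization: `Bearer ${session.accessToken}` },
  };
}
```

The returned object is what the web app would hand to its HTTP client; the token never appears in anything sent to the browser.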