+ Start a Discussion
ShinShin 

OAuth2 User-Agent Flow example

Folks, 

 

I've created a sample app using OAuth2 user-agent flow, i.e. JavaScript based client, without any server side code.

 

https://stomita-lab.s3.amazonaws.com/sfdc-oauth2/hello.html

 

Because Salesforce doesn't support XMLHttpRequest level2 yet, (but they are already having crossdomain.xml) I proxied the request to flash, using flXHR project (http://flxhr.flensed.com/). I hacked a little to work in current Ajax Toolkit. I hope in future REST API will support crossdomain feature like XHRl2 or something else.

 

 

This is just an aside, but when I was creating this example I felt that it is not acceptable for most OAuth consumers to ask users to install the package before its authentication. Not only it is far from user-centricity but also it could be a reason for API consumers to continue gathering user's login name and password.

 

I posted the idea on IdeaExchange. If you are interested, please read it and vote.

 

https://sites.secure.force.com/ideaexchange/ideaView?id=08730000000JneNAAS