Goodreads Developers discussion

296 views
examples / showcase > How to use OAuth in Javascript to develop a windows 7 gadget

Comments Showing 1-8 of 8 (8 new)    post a comment »
dateDown arrow    newest »

message 1: by Harshini (new)

Harshini Nawarathna (harshani) | 7 comments I'm developing a windows 7 gadget for goodreads using HTML and javascript. I managed to get reviews for a given ISBN in my gadget. But I want to connect to Goodreads via OAuth and update my books.

Are there any examples to use OAuth in javascript to access Goodreads API?


message 2: by Michael (new)

Michael Economy (michaeleconomy) I'm pretty sure OAuth isn't secure over front end javascript. I'd be willing to bet you're the only person trying to do this.


message 3: by Harshini (new)

Harshini Nawarathna (harshani) | 7 comments Hi Michael, How could I do it differently?


message 4: by Michael (new)

Michael Economy (michaeleconomy) Maybe ask some of the other windows developers in the forums? Sorry!


message 5: by Michael (new)

Michael (michahell) | 2 comments The only one doing this? Well, as the state of the GR API documentation is, well, sorry, pretty sad (I can't even find which version of OAuth is being used, apparently v1 when looking at some implementations)
Node.js is serverside javascript and has OAuth packages, so yes this is possible. I'm currently in the process of finding out what's the best method of doing this.


message 6: by Michael (new)

Michael Economy (michaeleconomy) If you did Oauth in front end only code, someone could steal your API key, and start making malicous requests on behalf of your app. Then we'd likely ban your API key. OAuth (v1 or v2) isn't build for a completely "open source" model.


message 7: by Michael (new)

Michael (michahell) | 2 comments Hmm that's true. But you are forgetting the
mixed frontend / backend development platforms such as Electron and node-webkit. Could it be done in those? The backend code could still be publicly visible but It is for example possible to obfuscate (and I don't mean uglify or minify) code. Also, you could set up your own proxy on a server (key could not be stolen) that doesn't need Oauth?


message 8: by Michael (new)

Michael Economy (michaeleconomy) If you were to rig up some sort of proxy server, i'd bet you could get it working.

The only big potential restriction you could run into with any language/framework is that lack of a oauth 1.1 library. While it's possible to build your own, it's a bit difficult.


back to top