web-security

yury.solovyov 2017-10-23T18:10:48.000120Z

@yury.solovyov has joined the channel

yury.solovyov 2017-10-23T18:14:14.000729Z

Hey, I have an app I was going to build purely on client-side, but as it turns out, I can't really do OAuth without exposing private tokens, so my next Idea is to spin up a simple web server app that will do only 1 thing - provide tokens for client app, but I am not sure if that's secure approach and if such server will be easily absued

yury.solovyov 2017-10-23T18:15:39.000131Z

my hope is that you'll still need to grant access when provider (twitter) app asks user about permissions

yury.solovyov 2017-10-23T18:16:10.000081Z

I'm not sure that enough tho

bja 2017-10-23T02:56:12.000106Z

I've used buddy with compojure-api recently. It was fine.