function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion

OAuth2 User-Agent Flow example



I've created a sample app using OAuth2 user-agent flow, i.e. JavaScript based client, without any server side code.


Because Salesforce doesn't support XMLHttpRequest level2 yet, (but they are already having crossdomain.xml) I proxied the request to flash, using flXHR project ( I hacked a little to work in current Ajax Toolkit. I hope in future REST API will support crossdomain feature like XHRl2 or something else.



This is just an aside, but when I was creating this example I felt that it is not acceptable for most OAuth consumers to ask users to install the package before its authentication. Not only it is far from user-centricity but also it could be a reason for API consumers to continue gathering user's login name and password.


I posted the idea on IdeaExchange. If you are interested, please read it and vote.