Ask a Question

Secure handling of OAuth Consumer Key and Secret in Chrome Extensions and Gmail Gadgets

in Education by
I would like to get some ideas on to properly handle Salesforce OAuth Consumer Key and Secret in Chrome Extensions and Gmail Gadgets. Chrome extensions are essentially Javascript wrapped up in a zip compatible format. If I need to build an extension that calls Salesforce APIs on behalf of the user, I have to embed the Salesforce generated App OAuth Consumer Key and Secret in Javascript for the extension. This creates the possibility of disclosure of the OAuth Consumer Key and Secret, and possible misuse. I am curious as to how other developers are handling these OAuth Consumer Key and Secrets in Chrome Extensions. Google provides anonymous Consumer Keys and Secrets for Chrome Extensions that need to access Google APIs. However, Salesforce doesn't provide similar OAuth setup. Is this on the roadmap for the Salesforce OAuth 2.0 implementation? Select the correct answer from above options

1 Answer

0 votes
by
 
Best answer
Following are the two ways by which you can do so: You can run a proxy via your own server which protects the limits and secrets that allow methods through your own API. You can also update the API keys in moments rather than potential days to refresh an extension Obscure the secrets in the gadget code. It may be difficult to find but, in Chrome, it will be fairly easier to pick out the keys in dev tools network tab. Make sure no original damage is done using the secrets.

Related questions

0 votes
Q: How can I use the grant_type=password oauth flow with salesforce.com?
    I'm trying to get an authorization token using the Username-Password flow (as described in the final section of this ... work for me. Select the correct answer from above options...
asked Feb 4, 2022 in Education by JackTerrance
0 votes
Q: Twitter OAuth token/secret generator
    I have an PHP SDK for Twitter OAuth, but in it's constructor, I have to pass the OAuth secret ... JavaScript Questions for Interview, JavaScript MCQ (Multiple Choice Questions)...
asked Feb 10, 2022 in Education by JackTerrance
0 votes
Q: Secret Key Cryptography is effective for Communication over insecure channels.
    Secret Key Cryptography is effective for Communication over insecure channels. (1)True (2)False...
asked Mar 19, 2021 in Technology by JackTerrance
0 votes
Q: What are salesforce.com and Apex like as an application development platform?
    I have recently discovered that salesforce.com is much more than an online CRM after coming across a Morrison's Case ... ' .Net route? Select the correct answer from above options...
asked Feb 8, 2022 in Education by JackTerrance
0 votes
Q: Salesforce.com Id attribute seems to have a 15 and 18 character value, whats the difference?
    When using the SOAP API to work with salesforce.com (SFDC) it seems that the primary key in the underlying database ... is all about? Select the correct answer from above options...
asked Feb 2, 2022 in Education by JackTerrance
0 votes
Q: Salesforce Create Buttons and Links option - Custom URL to launch email template
    I have an email template that I would like to launch from within the case using a Link/Button. I see the ... Any help you be great Select the correct answer from above options...
asked Jan 30, 2022 in Education by JackTerrance
0 votes
Q: When should one use the following: Amazon EC2, Google App Engine, Microsoft Azure and Salesforce.com?
    I am asking this in very general sense. Both from cloud provider and cloud consumer's perspective. Also the ... Server like Biztalk? Select the correct answer from above options...
asked Jan 30, 2022 in Education by JackTerrance
0 votes
Q: What is the difference between custom app and console app in salesforce?
    Can anyone tell me what is the difference between custom app and console app in salesforce? Select the correct answer from above options...
asked Jan 9, 2022 in Education by JackTerrance
0 votes
Q: Salesforce Einstein is considered to be the __________.
    Salesforce Einstein is considered to be the __________. A. Visualizer B. Personal Calculator C. Personal Data Scientist...
asked Nov 1, 2022 in Education by JackTerrance
0 votes
Q: Disadvantages of the Force.com platform
    We're currently looking at using the Force.com platform as our development platform and the sales guys and the ... such a platform. Select the correct answer from above options...
asked Feb 8, 2022 in Education by JackTerrance
0 votes
Q: Map Custom fields of Leads in Salesforce
    I wanted to map custom fields of lead to map with custom field of contact' when converted using binding.convertLead ... should be made Select the correct answer from above options...
asked Feb 8, 2022 in Education by JackTerrance
0 votes
Q: Best Practice for Salesforce.com API authentication for background apps
    The Salesforce.com API seems to assume that you will always use the app as an active user. Their ... require user interaction? Select the correct answer from above options...
asked Feb 8, 2022 in Education by JackTerrance
0 votes
Q: How can I get jQuery post to work with a salesforce WebToLead
    I have a page with a form that posts to salesforce.com's webto Lead service. I am trying to make an ... receiving website can see? Select the correct answer from above options...
asked Feb 8, 2022 in Education by JackTerrance
0 votes
Q: Best Practice for Salesforce.com API authentication for background apps
    The Salesforce.com API seems to assume that you will always use the app as an active user. Their ... require user interaction? Select the correct answer from above options...
asked Feb 5, 2022 in Education by JackTerrance
0 votes
Q: How can I get jQuery post to work with a salesforce WebToLead
    I have a page with a form that posts to salesforce.com's webto Lead service. I am trying to make an ... receiving website can see? Select the correct answer from above options...
asked Feb 5, 2022 in Education by JackTerrance

© Copyright 2018-2023 www.Blogmepost.com. All rights reserved. Developed by Blogmepost.

...