techthumb | 4 years ago

In that case you could create a backend endpoint that accepts a request and makes the call with the API key on behalf of the client/front-end.

The title of the article says OAuth, and hence I assumed that you wanted an authenticated client to be able to make the call to the backend for subscribing.

vonadz|4 years ago

"In that case you could create a backend endpoint that accepts a request and makes the call with the API key on behalf of the client/front-end"

This is what is happening, except instead of a backend endpoint hosted on my own VPS, I'm using a Cloudflare worker.

"The title of the article says OAuth, and hence assumed that you wanted an authenticated client to be able to make the call to the backend for subscribing."

An authenticated client is necessary in order to retrieve the email of the client.

techthumb|4 years ago

I follow the implementation here.

The conflating part here is using the callback as a mechanism to imply subscription.

This works for your situation.

However, if you need to start making multiple backend calls, then you will likely need to separate the authentication part from the subscription part.

Generally, OAuth implies that the requirement is to get authenticated by a provider and make multiple subsequent calls to some backend. Additionally, the backend will verify the authenticity of the short-lived token before allowing the operation to proceed.
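
The separation described in the last comment, sketched as an added example that is not code from the thread or the linked article: the OAuth callback only issues a short-lived signed token, and each backend operation verifies it before calling upstream with the API key. The token format, the names `issueToken`, `verifyToken`, `handleSubscribe`, `env.TOKEN_SECRET` and `env.API_KEY`, and the use of Node's `crypto` module (a Worker would use Web Crypto) are all assumptions.

```javascript
const { createHmac, timingSafeEqual } = require("node:crypto");

// HMAC-SHA256 over the token payload, base64url-encoded.
function sign(payload, secret) {
  return createHmac("sha256", secret).update(payload).digest("base64url");
}

// Issued once, at the end of the OAuth callback: binds the provider-verified
// email to an expiry time (seconds since epoch).
function issueToken(email, secret, ttlSeconds, now) {
  const payload = Buffer.from(JSON.stringify({ email, exp: now + ttlSeconds }))
    .toString("base64url");
  return payload + "." + sign(payload, secret);
}

// Returns the email for a valid, unexpired token, otherwise null.
function verifyToken(token, secret, now) {
  if (typeof token !== "string") return null;
  const parts = token.split(".");
  if (parts.length !== 2) return null;
  const [payload, sig] = parts;
  const expected = Buffer.from(sign(payload, secret));
  const given = Buffer.from(sig);
  // Check the signature before parsing anything the client controls.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  let claims;
  try {
    claims = JSON.parse(Buffer.from(payload, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (!claims || typeof claims.email !== "string" || typeof claims.exp !== "number") return null;
  return now < claims.exp ? claims.email : null;
}

// Backend operation: token check first, then the upstream call with the API key.
// `subscribe` stands in for the provider call; the client supplies neither email nor key.
function handleSubscribe(headers, env, subscribe, now) {
  const auth = headers["authorization"] || "";
  const email = auth.startsWith("Bearer ")
    ? verifyToken(auth.slice(7), env.TOKEN_SECRET, now)
    : null;
  if (email === null) return { status: 401 };
  subscribe(email, env.API_KEY);
  return { status: 204 };
}
```

Further operations reuse `verifyToken` in the same way, so the OAuth callback no longer has to imply a subscription.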