@danmatthews
Created December 3, 2014 14:44

Revisions

  1. danmatthews created this gist Dec 3, 2014.
    26 changes: 26 additions & 0 deletions gistfile1.md
    @@ -0,0 +1,26 @@
    # Discussion: Getting started with client-side applications.

    > Note: While my stack consists of Laravel (4/5) and AngularJS, i don't want this discussion to become a language or framework flame war, let's keep it respectable.
    > I would love the result of this to become an incredibly helpful blog post & guide.

    Hi guys, i'm currently in the throes of (among other things), writing a client-side application to interact with an API (that i control). And there's a few things that confuse me, and i'd love to start an open discussion on the best patterns to use when building client side applications in order to achieve some of the following:

    ### Securely authenticating users.

    Authenticating for a client-side application.

    That means that no information that should not be shown to the user (tokens, application keys) is visible or hard-coded into the javascript or HTML.

    Currently, my application uses a cookie to store a user's API key after an initial call to a secure authorisation endpoint, but the idea would be to move to OAuth in the future. Are cookies the way forward?

    ### Private methods.

    What is the best way to ensure that only 1st-party mobile/web applications have access to certain 1st party private API methods? for data that can't be processed on the client

    ### Gotchas & Considerations

    Is there anything else that anyone frequently forgets to do when building an API for consumption by a client-side framework, or are there things people often miss when building their first client-side app? I'd love to hear about them.

    >Code examples are encouraged and appreciated!
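
Review bot: The "Securely authenticating users" section never reconciles its requirement (no tokens or application keys visible in the JavaScript or HTML) with the design it then describes, an API key stored in a cookie. State whether that cookie is set with HttpOnly and Secure, because a cookie readable from script does not meet the stated requirement. Since a cookie is sent automatically by the browser, the section should also ask how the API handles CSRF. In "Private methods", the trailing fragment "for data that can't be processed on the client" is detached from the question; fold it into the sentence so it is clear which methods are meant.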