{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 做个烂人 的问题《Oauth2 password grant type with Doorkeeper and Ang》','https://www.manongdao.com/q-714562.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I've got a Rails API that is using Doorkeeper with the password grant method for Oauth2.
Doorkeeper requires both the client_id and client_secret to be sent to the token request (/oauth/token), alongside the user's login details and scope.
How would I go about doing this in an Angular app? I don't like the idea of storing the client id and secret client side...
The client_id and client_secret should only be used when your app code is secured, i.g. inside your web server.
For browser web apps and mobile apps the oauth implicit flow or the password flow should be used.