Hi Callumn, With OAuth2 you can authorize your angular client, without putting the id and secret in the application. That's the main idea behind OAuth2. You authenticate your client, and hand out an token to your web-app. On every request, you add the token, so your server knows it's an authorized user. This article <https://aaronparecki.com/articles/2012/07/29/1/oauth2-simplified> might help you. To authenticate, you can leave your secret on the server, you don't need to transfer it to the web-app. But if there is no need to put your REST inside a protected area, that is certainly the easiest way out. However, be aware that this might make your app vulnerable to scraping and other kinds of (ab)use, you might not like.
Regards Sander -- You received this message because you are subscribed to the Google Groups "AngularJS" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/angular. For more options, visit https://groups.google.com/d/optout.
