oauth 2.0 - Chrome Extension Bing Translation


I am writing a Chrome extension to use the Bing Translation API. To use it I need an access token, which I can request using a client ID and client secret. It expires every ten minutes.

What is the correct way to do this client-side? I don't want to distribute the client secret, and the access token expires every ten minutes.

You cannot secure the client side in a bullet-proof manner.

You have 2 options.

  1. Accept the fact that the extension code can be inspected and the secret extracted. Then, you can use chrome.identity to work the OAuth way. Considering the API is billable, this is suboptimal.

  2. Move the secret to a hosted server. The extension will have to ask the server for a token (which expires, at which point it needs to be re-requested from the server). This is the secure way.

Some APIs (not Bing) provide a method of authentication using a client ID, understanding that JavaScript clients cannot secure a secret. This is not an option here - the code is supposed to generate tokens server-side.
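
Option 2 above, seen from the extension's side, as an added example that is not part of the original answer: a token cache that asks a server-side broker for the short-lived token and re-requests it shortly before it expires. The broker URL and its JSON response shape (`access_token`, `expires_in`) are assumptions about a server you would run yourself.

```javascript
// Added example, not from the original answer. BROKER_URL and the response
// shape {access_token, expires_in} are assumptions about your own server,
// which is the only place the client ID and client secret live.
const BROKER_URL = "https://broker.example.com/translator-token"; // hypothetical
const SKEW_MS = 30 * 1000; // refresh slightly before the real expiry

function createTokenCache(fetchToken, now = () => Date.now()) {
  let entry = null;    // { token, expiresAt } of the last token received
  let inFlight = null; // shared promise: concurrent callers cause one request

  function isFresh() {
    return entry !== null && now() < entry.expiresAt - SKEW_MS;
  }

  async function refresh() {
    const body = await fetchToken();
    if (!body || typeof body.access_token !== "string" ||
        !Number.isFinite(body.expires_in) || body.expires_in <= 0) {
      throw new Error("broker returned a malformed token response");
    }
    entry = { token: body.access_token, expiresAt: now() + body.expires_in * 1000 };
    return entry.token;
  }

  function getToken() {
    if (isFresh()) return Promise.resolve(entry.token);
    if (!inFlight) {
      inFlight = refresh().finally(() => { inFlight = null; });
    }
    return inFlight;
  }

  return { isFresh, getToken };
}

// Fetcher used inside the extension: only the expiring token crosses the wire.
async function fetchFromBroker() {
  const res = await fetch(BROKER_URL, { method: "POST", credentials: "omit" });
  if (!res.ok) throw new Error("broker responded " + res.status);
  return res.json();
}

const tokenCache = createTokenCache(fetchFromBroker);
// In the extension: const token = await tokenCache.getToken();
```

The broker hands a billable token to whoever calls it, so rate-limit and monitor that endpoint on the server.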

