4

I'm creating a web application and I would like to allow users to authenticate using Facebook or Gmail via OAuth. I thought that I would use a server solution, but I found this:

https://oauth.io/

And my question is: what do you think about this ;)? Is it secure? Is it better to use a server solution or a client one? It is very simple, but I'm a newbie in JS and I don't know what to think about it. Thanks for all answers.

1 Answer

3

It is only secure if you trust the organization that provides the service. It looks like they could impersonate a user to your application and the OAuth provider.

You can't use a pure JS client-side solution, as this would expose your secret keys. You have to use a service or a server-side solution for OAuth.

If you want a quick solution for a small site or want to use a lot of providers, a service like this seems fine. For larger projects I would probably set up my own server-side solution at some point - this requires quite some reading about OAuth protocols and OAuth provider APIs and/or OAuth libraries though. I would recommend sticking to well-tested libraries and not rolling your own, unless you are proficient in OAuth and really need a customized solution.

There is also an open source version of oauth.io that you can run on your own server: https://github.com/oauth-io/oauthd
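
The split the answer describes, as an added Node.js example (not part of the original answer and not oauth.io's or oauthd's code): the browser only ever receives a redirect URL without the secret, while the token request that carries `client_secret` is built on the server. The `provider.example` endpoints, client ID, redirect URI, the `OAUTH_CLIENT_SECRET` variable name and the single-use `state` check are assumptions added for illustration.

```javascript
// Added example: server-side half of the OAuth 2.0 authorization-code flow.
const { randomBytes, timingSafeEqual } = require('node:crypto');

// Assumptions: endpoints, client id and redirect URI are placeholders.
const PROVIDER = {
  authorizeUrl: 'https://provider.example/oauth/authorize',
  tokenUrl: 'https://provider.example/oauth/token',
};
const CLIENT_ID = 'example-client-id';
const REDIRECT_URI = 'https://app.example/oauth/callback';
// The secret lives only in server configuration, never in files served to browsers.
const CLIENT_SECRET = process.env.OAUTH_CLIENT_SECRET || 'constructed-placeholder-secret';

// Step 1 (server): URL the browser is redirected to. It carries no secret.
function buildAuthorizeUrl(session) {
  session.oauthState = randomBytes(16).toString('hex'); // per-login anti-CSRF value
  const params = new URLSearchParams({
    response_type: 'code',
    client_id: CLIENT_ID,
    redirect_uri: REDIRECT_URI,
    state: session.oauthState,
  });
  return `${PROVIDER.authorizeUrl}?${params}`;
}

// Step 2 (server): validate the callback, then prepare the back-channel token request.
function buildTokenRequest(session, query) {
  const expected = Buffer.from(String(session.oauthState || ''));
  const received = Buffer.from(String(query.state || ''));
  delete session.oauthState; // state is single-use, so a replayed callback fails
  if (expected.length === 0 || expected.length !== received.length ||
      !timingSafeEqual(expected, received)) {
    throw new Error('state mismatch: callback rejected');
  }
  if (!query.code) throw new Error('missing authorization code');
  // This body is POSTed from the server to the provider; the browser never sees it.
  const body = new URLSearchParams({
    grant_type: 'authorization_code',
    code: query.code,
    redirect_uri: REDIRECT_URI,
    client_id: CLIENT_ID,
    client_secret: CLIENT_SECRET,
  });
  return { url: PROVIDER.tokenUrl, method: 'POST', body: body.toString() };
}
```

The returned object is what the server would hand to its HTTP client; the network call is left out so the example runs offline.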
