I intend to build a front end site entirely in javascript (NodeJS) and i would like to do ajax calls to a REST WS which is on another domain on client side.
I intend to use oauth2 and SSL to secure my REST back end, perform the access token asking on front end server side, but as i want to be able to do ajax calls, i have to use the obtained access token on client side.
My question is : what is the dangers to use a short-lived access token on client side in order to perform cross domain ajax calls ? Isn't it as secure as using cookies ? I know that passing by a proxy should be more secure but is it really worth ?
Thanks a lot.