且构网


REST Web Service Security with a jQuery Front End

Updated: 2023-08-31 15:33:46

If you haven't already, I'd recommend some reading on OAuth 1.0 and 2.0. They are both used by some of the bigger APIs, such as Facebook, Netflix, Twitter, and more. 2.0 is still in draft, but that hasn't stopped anyone from implementing it and using it, as it is more simple for a client to use. It sounds like you want something more complicated and more secure, so you might want to focus on 1.0.

I always found Netflix's Authentication Overview to be a good explanation for clients.

And a quick Googling gives this post: How-to: Secure OAuth in JavaScript