且构网


REST API: User-agent-based client (app) authorization

Updated: 2022-06-18 22:10:42

JavaScript applications are what are called 'public clients' in OAuth 2.0. It basically means they cannot keep secrets and therefore you cannot do client (application) authorization.

So, if you are using a JavaScript application to talk to your API, you'll need to do user authentication and give users access to your API. Or switch to a server side application to access your API.
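
The following is an added example, not part of the original answer: a minimal server-side check that authorizes the authenticated user rather than the calling app, because anything shipped inside a JavaScript client (a User-Agent string, an embedded app key) can be read and replayed. The function names, the `x-app-key` header and the HMAC token format are assumptions made for illustration; the user login step is not shown.

```javascript
// Added example (hypothetical names); runs on the API server under Node.js.
const { createHmac, timingSafeEqual } = require('node:crypto');

// Assumption: this key exists only on the server, never in the JavaScript app.
const SERVER_KEY = 'constructed-demo-key-kept-server-side';

function sign(payload) {
  return createHmac('sha256', SERVER_KEY).update(payload).digest('base64url');
}

// Called only after the server has authenticated the user.
function issueUserToken(userId, ttlSeconds, now = Date.now()) {
  const payload = Buffer.from(JSON.stringify({
    sub: userId,
    exp: Math.floor(now / 1000) + ttlSeconds,
  })).toString('base64url');
  return `${payload}.${sign(payload)}`;
}

// Authorization decision for one request; headers is a lower-cased header map.
function authorize(headers, now = Date.now()) {
  // Deliberately ignored: user-agent, x-app-key, or any other value that ships
  // with a public client. It identifies nothing the server can trust.
  const m = /^Bearer ([\w-]+)\.([\w-]+)$/.exec(headers.authorization || '');
  if (!m) return { allowed: false, reason: 'no user token' };
  const [, payload, mac] = m;
  const expected = Buffer.from(sign(payload));
  const given = Buffer.from(mac);
  // Length check first: timingSafeEqual throws on unequal lengths.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) {
    return { allowed: false, reason: 'bad signature' };
  }
  const claims = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (claims.exp <= Math.floor(now / 1000)) {
    return { allowed: false, reason: 'expired' };
  }
  return { allowed: true, user: claims.sub };
}
```
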