Proper method for accessing OAuth2 tokens via javascript

I understand the basics of oauth, and I've used it in application before, but never like this.

I've got an oauth2 based api I wrote, and I'm writing a javascript application (in backbone.js), and I want to access the api with it.

My problem is that I need to obtain an access token for the js app. Normally I'd request a token with something like example.com/oauth2/token?开发者_Python百科client_id=<client-id>&client_secret=<client-secret>&....

If my client secret is supposed to be, well, secret, should I be putting it in my application js?

What's the proper way to do oauth2 over javascript?

My users/app is also the "source" for oauth, so I'm not going to be doing any kind of 3rd party user authentication, as they'll already be logged into the site.

I think you should obtain the access token from the server. This way, your client secret is kept secret on the server. In other words, your server will serve as a proxy for the OAuth exchange.