So I put together a Windows 8 app using HTML/JS and WinJS for XHR requests to SharePoint 2013 REST services. I'm pulling list data down at present, but I'd like the conversation to be broader (reading and writing from custom lists or document libraries).
I was wondering if there were any examples of impersonating a SharePoint user via the REST services - maybe sending a request for a token and passing the token. I'm guessing this isn't a good practice from a security standpoint or may not be even doable.
Alternatively, I can see writing a WCF service that sits in the middle in C# or something like that which would do all of the impersonation and just return the data as JSON to the Win 8 app, which would then to a request to that service.
Just looking for some guidance on the best practice and what others have tried. Thanks!