I wrote up an example of using Particle API JS and prompting for username and password in a web form and optionally storing only a temporary access token only in a browser cookie. It uses jquery so it might be a little more than you’re looking for, but it might have some tricks that you might find helpful. It runs entirely in the browser, no server code required.