Tags: google-chrome-extension, oauth-2.0, bing-api

Chrome Extension Bing Translation


I am writing a Chrome extension that will use the Bing translation API. To use it I need an access token, which I can request using my clientID and client secret. It expires every ten minutes.

What is the correct way to do this client side? I obviously don't want to distribute my client secret, but the access token expires every ten minutes.


Solution

  • You cannot secure the client side in a bullet-proof manner.

    You have basically 2 options.

    1. Accept the fact that your extension code can be inspected and the secret extracted. Then, you can use chrome.identity to work with OAuth this way. Considering that the API is billable, that is suboptimal.

    2. Move the secret to some hosted server. Your extension will then have to ask the server for a token (which expires, at which point it needs to be re-requested from your server). That is the only secure way.

    Some APIs (not Bing) provide a method of authentication using only a Client ID, understanding that JavaScript clients cannot secure the secret. This is not an option here - your code is supposed to generate tokens server-side.
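
Option 2 from the answer above, sketched as an added example that is not part of the original answer: a server-side token broker that keeps the client secret in the server's environment, caches the access token until shortly before it expires, and returns only the short-lived token to the extension. `TOKEN_URL`, the environment variable names, and the function names are assumptions made for illustration; substitute the token endpoint and parameters from the API's own documentation.

```javascript
// Added example: token broker that runs on your server, never in the extension.
// TOKEN_URL and the environment variable names are placeholders (assumptions).
const TOKEN_URL = "https://token-endpoint.example/oauth/token";

// OAuth 2.0 client-credentials request; the secret is read from the server's
// environment and is never sent to the extension.
async function requestUpstreamToken() {
  const body = new URLSearchParams({
    grant_type: "client_credentials",
    client_id: process.env.TRANSLATOR_CLIENT_ID,
    client_secret: process.env.TRANSLATOR_CLIENT_SECRET,
  });
  const res = await fetch(TOKEN_URL, { method: "POST", body });
  if (!res.ok) throw new Error(`token endpoint returned ${res.status}`);
  return res.json(); // { access_token, expires_in } with expires_in in seconds
}

// Returns getToken(), which caches the token and refreshes it shortly before expiry.
function createTokenBroker({ fetchToken = requestUpstreamToken, now = Date.now, skewMs = 30_000 } = {}) {
  let cached = null;   // { token, expiresAt } where expiresAt is in ms
  let inflight = null; // shared promise: concurrent callers cause one upstream request
  const view = () => ({ access_token: cached.token, expires_in: Math.floor((cached.expiresAt - now()) / 1000) });

  return async function getToken() {
    if (cached && now() < cached.expiresAt - skewMs) return view();
    if (!inflight) {
      inflight = fetchToken()
        .then(({ access_token, expires_in }) => {
          cached = { token: access_token, expiresAt: now() + expires_in * 1000 };
        })
        .finally(() => { inflight = null; });
    }
    await inflight; // rejects if the upstream request failed
    return view();
  };
}

// Handler for http.createServer(): the response carries the short-lived token only.
function makeHandler(getToken) {
  return async (req, res) => {
    try {
      const token = await getToken();
      res.writeHead(200, { "Content-Type": "application/json", "Cache-Control": "no-store" });
      res.end(JSON.stringify(token));
    } catch {
      res.writeHead(502).end(); // upstream failure: no token, no error detail
    }
  };
}
```

The extension requests this endpoint and asks again once `expires_in` runs out. Because the endpoint hands out tokens for a billable API, put caller authentication or rate limiting in front of it.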