Hi, We currently work on OAuth-based Twitter support for NoseRub (http:// noserub.com), and there the question has arisen, whether consumer key/ secret could be distributed with the application to make this functionality work out of the box, i.e. without requiring the user to "register" his installation on Twitter.
The specification (Appendix B.7. Secrecy of Consumer Key, http://oauth.net/core/1.0/#anchor40) is a bit unclear about this topic. It doesn't explicitly say the consumer key has to be kept secret nor does it say the "secret" could be public... One possible issue I can see is that someone else claims to be "NoseRub", and after he got an access token he abuses it... So, how do others deal with such a scenario? Thanks, daniel --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
