You should find out what Twitter's policy is. EHL
> -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Daniel Hofstetter > Sent: Saturday, March 28, 2009 7:57 AM > To: OAuth > Subject: [oauth] Consumer secret and open source web applications > > > Hi, > > We currently work on OAuth-based Twitter support for NoseRub (http:// > noserub.com), and there the question has arisen, whether consumer key/ > secret could be distributed with the application to make this > functionality work out of the box, i.e. without requiring the user to > "register" his installation on Twitter. > > The specification (Appendix B.7. Secrecy of Consumer Key, > http://oauth.net/core/1.0/#anchor40) is a bit unclear about this > topic. It doesn't explicitly say the consumer key has to be kept > secret nor does it say the "secret" could be public... > > One possible issue I can see is that someone else claims to be > "NoseRub", and after he got an access token he abuses it... > > So, how do others deal with such a scenario? > > Thanks, > daniel > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
