I had similar thoughts when whilst the team were working on an example twitter client app for our oauth-net http://code.google.com/p/oauth-dot-net implementation. We had to rely on the fact that the application in twitter would come up as OAuth-Net Test Application.
It would be interesting to hear peoples views on whether they expect examples to work out of the box with no registration or if they would be happy to have to register as a consumer themselves to test out the examples. Chris. On Mar 28, 3:56 pm, Daniel Hofstetter <[email protected]> wrote: > Hi, > > We currently work on OAuth-based Twitter support for NoseRub (http:// > noserub.com), and there the question has arisen, whether consumer key/ > secret could be distributed with the application to make this > functionality work out of the box, i.e. without requiring the user to > "register" his installation on Twitter. > > The specification (Appendix B.7. Secrecy of Consumer > Key,http://oauth.net/core/1.0/#anchor40) is a bit unclear about this > topic. It doesn't explicitly say the consumer key has to be kept > secret nor does it say the "secret" could be public... > > One possible issue I can see is that someone else claims to be > "NoseRub", and after he got an access token he abuses it... > > So, how do others deal with such a scenario? > > Thanks, > daniel --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
