There are a couple of recent threads here talking about this very problem. You're right in thinking that a consumer key/secret passed to the app like that is not secure and could be copied over to another app. For one approach, Google's has been to use anonymous/anonymous as the key/secret pair and have the SP know that this is a special untrusted pairing. But the short answer is that, as far as I know, there is not a direct solution to this issue yet.
Check the archives of this list here for posts desktop/heavy apps for more info. -- justin On Jun 8, 1:58 am, joaquindiez <[email protected]> wrote: > Hi all, > > I am developing my first Flex Widget and I have to use OAuth to access > the provider information. This provider has give the access key and > secret. > > The question is if it is secure enough to store it hardcoded in the > widget ( I do not think so)....or if some of you have use another > solution on a similar problem...like in Iphone application.. or > desktop applications that use OAUTH. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
