Hello, How does OAuth deal with client apps that can be "decompiled"? If I want to build a client app that uses an OAuth service like Twitter how do I protect my secret key? All it takes one person to hack the client and share the secret key and then my app would be vulnerable to spoofing. The best approach would be to never share the secret key on the client.
How can OAuth deal with this? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
