How can a consumer key be generated for every user? if that is to be the case then when every user registers on one of your site, there has to be a consumer key/secret exchange between your site and the service provider. This can happen as well, but key/secret exchanges are generally a one time process and it would be insecure to perform this operation on every user registration. And secondly, it does not give any advantage. You already get all the security you need with your site acting as a single consumer.
Where did you see this recommendation/implementation? can you please share the link because maybe I'm missing the motive behind it. Thanks, Monis On Dec 3, 9:04 pm, rob ganly <[email protected]> wrote: > hi guys, > > so i'm implementing oauth 1.0a (consumer and service) and have a hard- > coded consumer_key and consumer_secret on the consumer side (in a > config file). i was envisioning having one pair for each consumer > (i.e. individual site/ application) that is to use the service as i've > seen before. > > however i've also seen it suggested/implemented that each individual > user (even coming from the same consumer) use their own unique > consumer key, despite having their own unique user credentials. > > in the consumer table i have, that i adapted from an example, each > consumer has one user id associated with it, whereas i would've > imagined the relationship between consumer and user to be one to many. > > any ideas/pointers/clarification gratefully received! > > best, > > rob ganly -- You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/oauth?hl=en.
