Hi, I've got a question about how open-source applications are expected to behave under OAuth. In order to not violate the GPL, I am going to have to include my client and secret key in the application source available online.
This would allow another client, spoofer, etc., to pretend to be Adium for the sake of gaining access, right? Is this the only major concern involved? I'm wondering if there's some kind of idea in place about how this might affect things. For example, if a second Adium request is presented, it's entirely possible that it's valid (since multiple computers might be used with Adium on it) so there's no way to say "only one access for this Application is valid" or anything like that. The OAuth website alludes to the fact that it might be a tricky situation for open-source apps, but says absolutely nothing about it, and that it "may" be a bad thing. Appreciate the response. Zachary West @zacwest
