Andrew,

I'm not talking about a -library-.  I'm talking about a -client-.  If
I want to produce a Twitter client, it needs its own Consumer Key and
Consumer Key Secret.  If want to share the source code for that
client, I will also have to share it's Consumer Key and Consumer Key
Secret.

You seem to know what you're talking about; perhaps you have a
solution.  I have written a Twitter client.  This client is registered
with Twitter for OAuth.  How do I share the source code without
exposing the Consumer Key Secret and still allow the end users to
authenticate?

Regards,
Duane

On Jul 1, 10:48 am, Andrew Badera <and...@badera.us> wrote:
> Yes, but don't distribute it. Obviously config files are human
> readable, but you blank out secrets before publishing them.
>
> People using open source libraries will have to get their own keys.
> So, either you really are contributing in the spirit of open source,
> and you don't care about getting credit, or you're doing it for self
> promotional purposes, and the conversation is moot anyhow.
>
> "You" being any person worried about keys and open sourcing their libraries.
>
>
>
> On Wed, Jul 1, 2009 at 10:39 AM, Cameron Kaiser<spec...@floodgap.com> wrote:
>
> >> The secret should not reside in code. The secret should reside in a
> >> config file, or maybe even a machine datastore. Abstract it out, no
> >> one ever needs to see anything secret in your code.
>
> > That's not workable. It has to be publicly accessible somehow.
>
> > --
> > ------------------------------------ 
> > personal:http://www.cameronkaiser.com/--
> >  Cameron Kaiser * Floodgap Systems *www.floodgap.com* ckai...@floodgap.com
> > -- He hadn't a single redeeming vice. -- Oscar Wilde 
> > --------------------------

Reply via email to