Andrew, I'm not talking about a -library-. I'm talking about a -client-. If I want to produce a Twitter client, it needs its own Consumer Key and Consumer Key Secret. If want to share the source code for that client, I will also have to share it's Consumer Key and Consumer Key Secret.
You seem to know what you're talking about; perhaps you have a solution. I have written a Twitter client. This client is registered with Twitter for OAuth. How do I share the source code without exposing the Consumer Key Secret and still allow the end users to authenticate? Regards, Duane On Jul 1, 10:48 am, Andrew Badera <[email protected]> wrote: > Yes, but don't distribute it. Obviously config files are human > readable, but you blank out secrets before publishing them. > > People using open source libraries will have to get their own keys. > So, either you really are contributing in the spirit of open source, > and you don't care about getting credit, or you're doing it for self > promotional purposes, and the conversation is moot anyhow. > > "You" being any person worried about keys and open sourcing their libraries. > > > > On Wed, Jul 1, 2009 at 10:39 AM, Cameron Kaiser<[email protected]> wrote: > > >> The secret should not reside in code. The secret should reside in a > >> config file, or maybe even a machine datastore. Abstract it out, no > >> one ever needs to see anything secret in your code. > > > That's not workable. It has to be publicly accessible somehow. > > > -- > > ------------------------------------ > > personal:http://www.cameronkaiser.com/-- > > Cameron Kaiser * Floodgap Systems *www.floodgap.com* [email protected] > > -- He hadn't a single redeeming vice. -- Oscar Wilde > > --------------------------
