This is interesting Chris, as I have had the same question.  How would
you propose to distribute a usable FLOSS twitter app that uses Oauth to
authenticate itself but doesn't include the app's consumer key and
consumer secret?  fetch the key and secret at runtime from a secure
server somewhere?  that could be trivially intercepted.

Joseph Cheek
@cheekdotcom

Chris Babcock wrote:
> On Sun, 16 Aug 2009 18:49:49 -0400
> Jason Martin <legos.j...@gmail.com> wrote:
>
>   
>> On another note, how "Open Source friendly" is OAuth? I'm not sure
>> if people who write open source software want to be giving out their  
>> Consumer Secret key in their source code
>>     
>
> Reasoning from a faulty premise.
>
> When you know your code is going to be seen you either avoid doing
> stupid things like hard coding credentials or you learn fast that
> configuration data is not code.
>
> (Now where I did leave my virtual haddock?)
>
> Chris Babcock
>
>
>
>   

Reply via email to