This is interesting Chris, as I have had the same question. How would you propose to distribute a usable FLOSS twitter app that uses Oauth to authenticate itself but doesn't include the app's consumer key and consumer secret? fetch the key and secret at runtime from a secure server somewhere? that could be trivially intercepted.
Joseph Cheek @cheekdotcom Chris Babcock wrote: > On Sun, 16 Aug 2009 18:49:49 -0400 > Jason Martin <legos.j...@gmail.com> wrote: > > >> On another note, how "Open Source friendly" is OAuth? I'm not sure >> if people who write open source software want to be giving out their >> Consumer Secret key in their source code >> > > Reasoning from a faulty premise. > > When you know your code is going to be seen you either avoid doing > stupid things like hard coding credentials or you learn fast that > configuration data is not code. > > (Now where I did leave my virtual haddock?) > > Chris Babcock > > > >