There are no app-specific servers. With OAuth, instead of passing user credentials, you use YOUR consumer key and consumer secret which identifies your application.
You get an access token after the user has allowed your application to have access to their account. You will then use that access token, your consumer secret, and your consumer key to make the requests to the API. Ryan On Sat, Nov 7, 2009 at 8:13 AM, Harshad RJ <harshad...@gmail.com> wrote: > Hi, > > I am trying to wrap my mind around OAuth, and I am not sure I understand > the subtleties. > > Is it possible to make OAuth authenticated requests from browser *directly > * to the Twitter API? Is it a safe & recommended way? > > Or do all API requests have to go through an application-specific server, > to keep the credentials a secret? > > My hunch is that yes, an app-specific server would be required. But in that > case, how do desktop-clients manage it? Or do they also route the calls > through an intermediary? > > thanks in advance, > -- > Harshad RJ > http://hrj.wikidot.com >