Hi Andrew, If you're distributing your plugin for WordPress, you would want to ensure that it doesn't contain any OAuth consumer keys (API keys) or secrets within the source code. You'd instruct implementors to come to http://dev.twitter.com/apps to create an application and give them a UI or configuration file to enter their consumer key and consumer secret in a safe place resistant to tampering.
In short, your analysis is correct. There are cases where you might more tightly control the distribution of your plugin and the hosts that utilize it where these best practices might be a bit more flexible. Taylor Singletary Developer Advocate, Twitter http://twitter.com/episod On Wed, Apr 28, 2010 at 10:54 AM, Andrew <tweetligh...@gmail.com> wrote: > I am in the process of creating a plugin for wordpress. I was told > that when using oauth with a plugin I can't actually make the plugin > act natively because each time that the plugin is installed each user > has to have their own api credentials is this correct? > > Thanks in advance! >