Encrypting your consumer secret is the most important, but encrypting your access token secret isn't a bad idea at all -- I would recommend it.
There's no need to encrypt your consumer key and access token though, as they are already either sent as query parameters or within HTTP headers on every request. On Wed, Jun 2, 2010 at 6:54 AM, ctshryock <[email protected]> wrote: > I'm getting up to speed on OAuth and I haven't found a clear answer in > the existing threads; In my desktop app I request an access token and > get a key and secret back from Twitter. For storage, is it necessary > to encrypt both of those, or simply the secret? > > Thanks > +Clint >
