I guess I'm getting terminology confused. My application is a desktop Mac application. When I registered my app I got a Consumer Key and a Consumer Secret. These belong to my app. For a given user I go through the xAuth process and get back an Access Token, consisting of a key and secret. These belong to that particular user.
So, using the built-in Keychain I need to encrypt the user Access Token secret per user as well as the app's Consumer Secret, correct? It is (relatively) safe then to store the Access Token key in something like a Core Data store, so long as the secret is encrypted. I feel like the terminology is all melding in my head between Twitter's API guide and some of the OAuth guides I've read, so I apologize for my confusion.

+Clint

On Wed, Jun 2, 2010 at 8:57 AM, Taylor Singletary <[email protected]> wrote:
> Encrypting your consumer secret is the most important, but encrypting your
> access token secret isn't a bad idea at all -- I would recommend it.
>
> There's no need to encrypt your consumer key and access token though, as
> they are already either sent as query parameters or within HTTP headers on
> every request.
>
> On Wed, Jun 2, 2010 at 6:54 AM, ctshryock <[email protected]> wrote:
>
>> I'm getting up to speed on OAuth and I haven't found a clear answer in
>> the existing threads; in my desktop app I request an access token and
>> get a key and secret back from Twitter. For storage, is it necessary
>> to encrypt both of those, or simply the secret?
>>
>> Thanks
>> +Clint
