Hey Clint,

There is a lot of terminology to get your head round so don't worry about
asking for clarification. To add to Taylor's comment it may also be helpful
to know that the user token and secret you get back is unique to your
application. This means that user token and secret won't work with another
developers application.


On Wed, Jun 2, 2010 at 2:09 PM, Clint Shryock <cl...@ctshryock.com> wrote:

> I guess I'm getting terminology confused.
> My application is a desktop Mac applications.  When I registered my app I
> got a Consumer Key and a Consumer Secret.  These belong to my app.
> For a given user I go though the xAuth process and get back an Access
> Token, consisting of a key and secret.  These belong to that particular
> user.
> So, using the built in Keychain I need to encrypt the user Access Token
> secret per user as well as the app's Consumer Secret, correct?
> It is (relatively) safe then to store the Access Token key in something
> like a Core Data store, so long as the secret is encrypted.
> I feel like the terminology is all melding in my head between Twitter's API
> guide and some of the OAuth guides I've read, so I apologize for my
> confusion.
> +Clint
> On Wed, Jun 2, 2010 at 8:57 AM, Taylor Singletary <
> taylorsinglet...@twitter.com> wrote:
>> Encrypting your consumer secret is the most important, but encrypting your
>> access token secret isn't a bad idea at all -- I would recommend it.
>> There's no need to encrypt your consumer key and access token though, as
>> they are already either sent as query parameters or within HTTP headers on
>> every request.
>> On Wed, Jun 2, 2010 at 6:54 AM, ctshryock <cl...@ctshryock.com> wrote:
>>> I'm getting up to speed on OAuth and I haven't found a clear answer in
>>> the existing threads; In my desktop app I request an access token and
>>> get a key and secret back from Twitter.  For storage, is it necessary
>>> to encrypt both of those, or simply the secret?
>>> Thanks
>>> +Clint


Matt Harris
Developer Advocate, Twitter

Reply via email to