Hi all,

I'm wondering why there's a "secret" key if you need to include it with
desktop applications... Of course, there's the client secret key which
needs to remain secret, but why is there a secret key for applications
if it doesn't remain secret?

Is it the combination of the 4 keys that always needs to remain private?
The consumer key, consumer secret, and client token are, of course, safe
to present to people (but still unwise, so I won't).

It simply doesn't feel right to be including "secret" keys in an
application - everyone could see them and they wouldn't be secret, would
they?

As far as I have seen so far, the only thing you can do with a consumer
secret key, is signing the requests and requesting tokens (or, in my
case, use xAuth). Is there any reason why I shouldn't include the secret
key in my application? Anything that can damage my twitter account
and/or the application?

Tom

Reply via email to