I have the same question. I need to add Twitter OAuth to my widely
distributed PHP based open-source CMS add-on. All the documentation
says never ever distribute your consumer secret, which I understand
why this would be a bad idea. Yet all of the documentation/examples I
have found require that the consumer secret be hard-coded into the
source.

The closes thing I have found, that doesn't require the consumer
secret embedded in the source, is a description of how it might work,
http://groups.google.com/group/twitter-development-talk/browse_thread/thread/c18ade9d86c8b239
But, I cannot find any docs/examples where this scenario has actually
been implemented.

On Jul 23, 6:06 am, MindcrimeNL <hostmas...@gab-ev.de> wrote:
> I'm sorry if this has been asked before:
>
> I've written a twitter module for ClanSphere Clan CMS and I'm now
> converting it to use OAuth.
> I finally got it working, but I have question about theConsumerSecret.
>
> I registered the application under my twitter account and obtained 
> aConsumerKey andConsumerSecret.
>
> The module is (will be) publicly available for download and webmasters
> just have to install the module in their own ClanSphere Clan CMS to be
> able to use it and make it possible for all users on their website to
> post tweets via that module.
>
> But, to prevent the hassle of all these webmasters, so that they not
> need to register an application on their own and install their ownConsumerKey 
> andConsumerSecret. How do I make it possible that every
> can make use of my registered application? As I understand from the
> name, theConsumerSecretis "secret", so I should not distribute it
> to the community...
>
> Every user should (as access tokens currently don't expire) only need
> to allow my application only once, in order to be able to use the
> twitter module:
> "An application would like to connect to your account
> The application ClanSphere Module by Mindcrime, Geh aB Clan would like
> the ability to access and update your data on Twitter. Not using
> Twitter? Sign up and Join the Conversation!
>
> ALLOW | DENY"
>
> Sorry, but a lot of the webmasters, using CMS systems, don't know
> anything about code/PHPand are just capable of uploading some
> files... I would not like to think that I have to explain to them how
> to register the application in Twitter and change the code in the
> correct place...
>
> How can anyone make a public module that way?
>
> Thanks for the help...

Reply via email to