So, I after spending the day looking through documentation,
developer's discussion and testing various OAuth code bits, it is my
understanding that there is no secure OAuth solution for open-source
PHP developers. But, the August 16th deadline is still looming. And I
have to be able to integrate, test, and distribute my app; with enough
time left over for my user base to upgrade their sites with the new
OAuth version.

So, my intention then is to integrate my app with the well documented
PHP solutions for integration, which all use the consumer key and
secret openly in the source code. This means that anyone who would
like my app's consumer secret (or would like to build an app that
masquerades as my app) will be able to download my app read through
the source code and easily copy and paste the consumer secret out of
the source code.

This doesn't seem very secure.... or secret to me.

Am I missing something??

Reply via email to