On Aug 7, 10:52 am, "@epc" <epcoste...@gmail.com> wrote: > What's the approved open source solution to this problem?
You don't have to make it a full-fledged web app as Ed Borasky says. You can also use a server-side proxy that holds your API key&secret and signs API calls. Of course this means all of your application's traffic will funnel through your server instead of going direct to twitter, which is obviously not good. And I'll also repeat what Julio Biason said, that this is not actually an open source vs. closed source issue. Closed source desktop & mobile applications also have their app key&secret built into the app. Anyone with a debugger can extract them. OAuth is a web authentication protocol. It was not designed to authenticate desktop and mobile apps, and should not be used for that.