On Aug 7, 10:52 am, "@epc" <epcoste...@gmail.com> wrote:
> What's the approved open source solution to this problem?

You don't have to make it a full-fledged web app as Ed Borasky says.
You can also use a server-side proxy that holds your API key&secret
and signs API calls.  Of course this means all of your application's
traffic will funnel through your server instead of going direct to
twitter, which is obviously not good.

And I'll also repeat what Julio Biason said, that this is not actually
an open source vs. closed source issue.  Closed source desktop &
mobile applications also have their app key&secret built into the
app.  Anyone with a debugger can extract them.

OAuth is a web authentication protocol.  It was not designed to
authenticate desktop and mobile apps, and should not be used for that.

Reply via email to