I thought about doing the proxy, but I liked having the device do it
itself and alot less code just having the device do it.  I will just
hard code it.  I would assume we can invalidate a token if for some
reason it is comprimised.  Like managing applications in FaceBook.


On Aug 11, 9:36 am, Tom van der Woerdt <i...@tvdw.eu> wrote:
> On 8/11/10 6:30 PM, ERenken wrote:
> > So how can I use OAuth on a hardware device we are creating that
> > doesn't have a UI?  Can I share the key between all the devices?  This
> > is only twittering to 1 account that we have created.  Seems like
> > OAuth is going to make stuff like this harder for people to develope.
> > Seems like it would have just bee easier for security if you would
> > have added HTTPS and left basic auth.  At least for embedded devices
> > so they could send tweets.
> If there's no chance of the key leaking to people outside of your
> company (or whoever uses your application) then I don't see why not.
> It's always better than sharing username/password like with Basic Auth,
> and if they all use the same account, it's no problem at all.
> Of course, a better solution would be to create a simple proxy, but that
> may take some more programming and money if you don't have a server for it.
> Tom

Reply via email to