I thought about doing the proxy, but I liked having the device do it itself and alot less code just having the device do it. I will just hard code it. I would assume we can invalidate a token if for some reason it is comprimised. Like managing applications in FaceBook.
Eric On Aug 11, 9:36 am, Tom van der Woerdt <i...@tvdw.eu> wrote: > On 8/11/10 6:30 PM, ERenken wrote: > > > So how can I use OAuth on a hardware device we are creating that > > doesn't have a UI? Can I share the key between all the devices? This > > is only twittering to 1 account that we have created. Seems like > > OAuth is going to make stuff like this harder for people to develope. > > Seems like it would have just bee easier for security if you would > > have added HTTPS and left basic auth. At least for embedded devices > > so they could send tweets. > > If there's no chance of the key leaking to people outside of your > company (or whoever uses your application) then I don't see why not. > It's always better than sharing username/password like with Basic Auth, > and if they all use the same account, it's no problem at all. > > Of course, a better solution would be to create a simple proxy, but that > may take some more programming and money if you don't have a server for it. > > Tom