Question
I want to make a thick-client, desktop, open source twitter client. I happen to be using .NET as my language and Twitterizer as my OAuth/Twitter wrapper, and my app will likely be released as open source.
To get an OAuth token, four pieces of information are required:
Access Token (twitter user name)
Access Secret (twitter password)
Consumer Key
Consumer Secret
The second two pieces of information are not to be shared, like a PGP private key. However, due to the way the OAuth authorization flow is designed, these need to be on the native app. Even if the application was not open source, and the consumer key/secret were encrypted, a reasonably skilled user could gain access to the consumer key/secret pair.
So my question is, how do I get around this problem? What is the proper strategy for a desktop Twitter client to protect its consumer key and secret?
Explanation / Answer
I found an answer that mirrors the path I was considering going down on hueniverse. The article, Beyond the OAuth Web Redirection Flow, offers some suggestions, one of them being a web URL that proxies the token exchange process. I have to work out a way to properly authenticate that my app is what is requesting the authentication to this proxy page. However, that is possible.
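The proxy idea from the answer above, written out as an added example that is not part of the original post: the signing step of OAuth 1.0a (RFC 5849, HMAC-SHA1) runs on the proxy host, so the consumer secret never ships with the desktop client, which only sends the request it wants signed plus its own user token pair. The consumer key/secret, host names and parameter values are constructed placeholders, not Twitter's.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import quote, urlsplit

# Constructed sample credentials; on the proxy host these come from its own config store.
CONSUMER_KEY = "example-consumer-key"
CONSUMER_SECRET = "example-consumer-secret"  # never sent to the desktop client


def pct(value: str) -> str:
    """RFC 5849 section 3.6 percent-encoding: only unreserved characters stay bare."""
    return quote(str(value), safe="-._~")


def base_string_uri(url: str) -> str:
    """Lowercase scheme and host, drop default ports, query and fragment (RFC 5849 3.4.1.2)."""
    parts = urlsplit(url)
    scheme, host, port = parts.scheme.lower(), parts.hostname.lower(), parts.port
    if port and not ((scheme == "http" and port == 80) or (scheme == "https" and port == 443)):
        host = f"{host}:{port}"
    return f"{scheme}://{host}{parts.path or '/'}"


def signature_base_string(method: str, url: str, params) -> str:
    """Encode every (name, value) pair, sort by name then value, join, then build the base string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params)
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_string_uri(url)), pct(normalized)])


def sign_for_client(method, url, params, oauth_token, token_secret, nonce=None, timestamp=None):
    """Proxy-side signing: the client supplies the request and its token pair; the proxy adds the
    consumer key, signs with consumer_secret&token_secret, and returns only the Authorization header.
    `params` must include the request's query and form parameters, as the RFC requires."""
    oauth_params = [
        ("oauth_consumer_key", CONSUMER_KEY),
        ("oauth_nonce", nonce or secrets.token_hex(8)),
        ("oauth_signature_method", "HMAC-SHA1"),
        ("oauth_timestamp", timestamp or str(int(time.time()))),
        ("oauth_version", "1.0"),
    ]
    if oauth_token:  # absent on the request_token step, where token_secret is ""
        oauth_params.append(("oauth_token", oauth_token))
    base = signature_base_string(method, url, list(params) + oauth_params)
    key = f"{pct(CONSUMER_SECRET)}&{pct(token_secret)}".encode()
    signature = base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()
    header = ", ".join(f'{k}="{pct(v)}"' for k, v in oauth_params + [("oauth_signature", signature)])
    return "OAuth " + header
```

The client still has to prove to the proxy that it is the genuine app before the proxy will sign for it, which is the open problem the answer notes.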