Y'all should look at what Facebook connect does:
http://wiki.developers.facebook.com/index.php/Session_Proxy
You can keep the secret on a server, and the server acts as a proxy for the
agent. Naturally, this raises the question of how the server knows that the
agent is legit. That said, this is
On 1/18/2010 1:19 AM, Ryan McCue wrote:
Hey guys,
I'm looking to integrate Twitter posting into an application I'm
developing. The catch to this is that because it's open source, and
programmed in PHP, I'd have to distribute the secret key with it.
What's the best way to go about this? I've
that's precisely what i would do - author your code to read from a
configuration file that contains the keys. don't distribute that
configuration file, but, instead, distribute a README or an example
configuration file that the end user would fill in.
On Mon, Jan 18, 2010 at 9:43 AM, John Meyer
You are reading it correct.
You do not want to give out your Consumer Key or Consumer Secret. If
somebody downloads the source of your application, they are most likely
going to be using it in their own application. Therefore, they need their
own Consumer Key and Consumer Secret.
Ryan
On Mon,
Something like that. Ideally, what I would do is configure the app so
that if the consumerkeys (both secret and non) are not present, the user
is directed to a screen to input those for themselves (with maybe a
helpful link to get them in the first place).
On Jan 18, 2010, at 9:46 AM,
John Meyer wrote:
Technically, you don't. All opensource requires is that you
distribute the source code, not the individual data. So you could
specify that the secret key is in a particular file and then other
users could insert their own secret key.
Right, so everyone would have to get
PHP as in web-based? Why wouldn't the user just login to the website?
Ryan
Sent from my DROID
On Jan 18, 2010 10:03 PM, Ryan McCue li...@rotorised.com wrote:
John Meyer wrote: Technically, you don't. All opensource requires is
that you distribute the so...
Right, so everyone would have to
On 1/18/2010 6:43 PM, Ryan McCue wrote:
John Meyer wrote:
Technically, you don't. All opensource requires is that you distribute
the source code, not the individual data. So you could specify that
the secret key is in a particular file and then other users could
insert their own secret key.
* Isaiah Carew isa...@me.com [100118 19:02]:
If every person that uses an app accesses the API with their own personal app
credentials that would mean the app would appear to Twitter as hundreds, or
potentially thousands, of individual applications.
One goal of application registration is
The consumer secret is not public. The consumer key can be seen in the
query parameters, but the consumer secret is not a query parameter. It
would have to be reverse engineered using the signature.
If twitter determines that a specific application is malware, I would only
hope that they would
* ryan alford ryanalford...@gmail.com [100118 20:01]:
The consumer secret is not public. The consumer key can be seen in the
query parameters, but the consumer secret is not a query parameter. It
would have to be reverse engineered using the signature.
If twitter determines that a specific
ryan alford wrote:
PHP as in web-based? Why wouldn't the user just login to the website?
Ryan
Yes, it's open source software that users run on their own servers. It
is *not* a hosted service (if it was, it'd be fine).
--
Ryan McCue
http://ryanmccue.info/
John Meyer wrote:
No, the point I was trying to make was that you don't HAVE to
distribute the key. Nothing in the open source license requires you
to give that information to another person. You can distribute it if
you want to, but you are perfectly free to give them the source code
and
13 matches
Mail list logo