Just a little bump. Regarding question 2, having asked on the OAuth mailing list I've since setup an auto-update system whereby my widget is capable of remotely updating the consumer key and secret, should they ever be used maliciously by a third party.
The first question stands, though! On Mar 21, 12:20 pm, Nial <nia...@gmail.com> wrote: > Gosh! Another post in as many days. Sorry, folks. This isn't about > implementation, thankfully. I've got OAuth working nicely and I first > want to say that you've done a great job with it. It's very smooth. > > Now, time for a few questions: > > 1) When the OAuth beta was private you suggested that people hold off > doing public releases containing OAuth authentication to avoid huge > amounts of bug reports. What's your stance with the public beta? > Obviously I understand that your OAuth implementation is still 'beta', > but having played with it for a while I'm happy enough to push it to > users. > 2) Secondly, what's your stance on secret keys/token in Javascript? In > my implementation it's fairly easy to dig around and find such > information. I understand this is a constant topic of debate amongst > OAuth users, but wanted to get your stance on users putting out third- > party Twitter apps where such information is readily accessible. > > Thanks