Feel free to launch. Just be aware that OAuth support is in beta, has known issues and might have future issues.
On Mon, Mar 23, 2009 at 11:18, Nial <nia...@gmail.com> wrote: > > Just a little bump. Regarding question 2, having asked on the OAuth > mailing list I've since setup an auto-update system whereby my widget > is capable of remotely updating the consumer key and secret, should > they ever be used maliciously by a third party. > > The first question stands, though! > > On Mar 21, 12:20 pm, Nial <nia...@gmail.com> wrote: > > Gosh! Another post in as many days. Sorry, folks. This isn't about > > implementation, thankfully. I've got OAuth working nicely and I first > > want to say that you've done a great job with it. It's very smooth. > > > > Now, time for a few questions: > > > > 1) When the OAuth beta was private you suggested that people hold off > > doing public releases containing OAuth authentication to avoid huge > > amounts of bug reports. What's your stance with the public beta? > > Obviously I understand that your OAuth implementation is still 'beta', > > but having played with it for a while I'm happy enough to push it to > > users. > > 2) Secondly, what's your stance on secret keys/token in Javascript? In > > my implementation it's fairly easy to dig around and find such > > information. I understand this is a constant topic of debate amongst > > OAuth users, but wanted to get your stance on users putting out third- > > party Twitter apps where such information is readily accessible. > > > > Thanks > -- Abraham Williams | http://the.hackerconundrum.com Web608 | Community Evangelist | http://web608.org This email is: [ ] blogable [x] ask first [ ] private. Sent from: Madison WI United States.
