Sorry over looked the access token being included. I still do not think this fits well with open source desktop apps. I think for now just not distributing a key with the app's source, but provide it when the app is built (hidden in the binary or such).
On Sat, Jun 12, 2010 at 10:09 AM, Cameron Kaiser <spec...@floodgap.com>wrote: > > Not sure I totally like this idea. Seems almost like double > authentication > > to me. > > The user has to still sign in via the web to replicate the app and then > we > > have to fetch an access token > > again by asking for their credentials?? So its like doing a 3-legged > dance + > > the xAuth. > > No. The process generates a user access token along with a new "child" app > key in one step. There is no additional xAuth step, and I suspect Twitter > won't want xAuth-enabled app keys to be "childed" in any case. Like any > user > token, it does not expire until the user revokes it, which I assume in this > case will probably never occur since it can only ever be used by the app > key > "child" instance they themselves generated. > > -- > ------------------------------------ personal: > http://www.cameronkaiser.com/ -- > Cameron Kaiser * Floodgap Systems * www.floodgap.com * > ckai...@floodgap.com > -- Put down your guns, it's Weasel Stomping Day! > ------------------------------ >