Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I’d like to do OAuth for Twitter from an iPhone app. But doing so implies that I need to have my API secret alongside my API key baked into the application binary. This is obviously undesirable.
Facebook supports the notion of a session proxy to get around the parallel issue with their API.
Can I do something like this for Twitter?
Short answer: No.
OAuth was created for and works really well for web applications. It’s a square peg in a round hole for native applications. Specification 1.0a was supposed to make it more viable for native applications, but it does little to help.
As you pointed out, one of the main problems with it is that the consumer keys have to be stored in the application. Not a problem for web applications where access to the source is limited, but a big problem for native applications.
The other major problem has to do with it providing no additional security over standard login forms for native applications, but I won’t get into that.
But since Twitter is forcing it on you if you want access to higher rate limits and your application name associated with Tweets, you have little choice.
The only way to avoid having the consumer key in your application code is to proxy all requests through your own server.