How do I store the OAuth v1 consumer key and secret for an open source desktop Twitter client without revealing it to the user?

Posted by Justin Dearing on Programmers See other posts from Programmers or by Justin Dearing
Published on 2011-08-08T01:24:51Z Indexed on 2012/09/12 15:50 UTC
Read the original article Hit count: 299

Filed under:

open-source

|

desktop-application

|

twitter

|

oauth

I want to make a thick-client, desktop, open source twitter client. I happen to be using .NET as my language and Twitterizer as my OAuth/Twitter wrapper, and my app will likely be released as open source.

To get an OAuth token, four pieces of information are required:

Access Token (twitter user name)
Access Secret (twitter password)
Consumer Key
Consumer Secret

The second two pieces of information are not to be shared, like a PGP private key. However, due to the way the OAuth authorization flow is designed, these need to be on the native app. Even if the application was not open source, and the consumer key/secret were encrypted, a reasonably skilled user could gain access to the consumer key/secret pair.

So my question is, how do I get around this problem? What is the proper strategy for a desktop Twitter client to protect its consumer key and secret?

© Programmers or respective owner

Related posts about open-source

Introducing Java/Open Source Daily, All the Java/Open Source Information You Need in One Newsletter

as seen on Internet.com - Search for 'Internet.com'
Internet.com launches a new daily newsletter to provide one-stop coverage of all the Java and Open Source information that matters to you. >>> More
Introducing Java/Open Source Daily, All the Java/Open Source Information You Need in One Newsletter

as seen on Internet.com - Search for 'Internet.com'
Internet.com launches a new daily newsletter to provide one-stop coverage of all the Java and Open Source information that matters to you. >>> More
The Open Source Open Source Conference

as seen on Internet.com - Search for 'Internet.com'
Portland, OR open source advocates took the loss of OSCON in stride: They launched their own open source conference. How did it stack up against the heavyweight, top-down competition? >>> More
Open Source: Open Source Contributions

as seen on Oracle Technology Network - Search for 'Oracle Technology Network'
Oracle investments in Linux yield substantial returns. >>> More
What are the strategies to become a good open source developer?

as seen on Programmers - Search for 'Programmers'
I always hear that involving with open source projects is good for career and the more (good) open source you release, the closer you will be to getting your dream job before you've even had an interview.I am expert in Java and I am trying to become fluent in Scala. I always think about getting involved… >>> More

Related posts about desktop-application

Desktop Application Development with Javascript, Python / Ruby

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello, Besides using Appcelerator's Titanium Desktop, are there other approaches to integrating Javascript and Ruby/Python into cross-platform desktop applications? Just trying to get a sense of the landscape here. From searching the web, it seems Titanium may be leading the charge in terms of… >>> More
Can we create desktop application with Ruby?

as seen on Programmers - Search for 'Programmers'
I know the Ruby on Rails framework is only for web development and not suitable for desktop application development. But if a ruby programmer wants to develop a desktop application, is it suitable and preferable to do it with Ruby only (not jRuby, as most of the tutorials are for jRuby)? If yes, please… >>> More
Automation testing tool for Regression testing of desktop application

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi I am working on a desktop application which uses Infragistic grids. We need to automate the regression tests for same. QTP alone does not support this, we need to buy new plug in for same which my company is not very much interested in. Do we have any open source tool for automating regression… >>> More
interaction between javascript (desktop application) and C#

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello. I am writing for my desktop some application for handling some services. I wrote in C# an application that calculates something (lets call it cl.exe) I created a .bat file that starts the cl.exe. I want to call that .bat file from my javascript so I WShell.Run(**.bat). 2 question: The… >>> More
Out of browser silverlight application vs a traditional desktop application

as seen on Stack Overflow - Search for 'Stack Overflow'
If I understand correctly, Microsoft Silverlight is a lightweight .NET implementation meant to run on the client side, inside a browser. So now I hear about "out of browser" silverlight applications and I'm confused. What is the advantage of an "out of browser" silverlight application, compared to… >>> More