Authentication in client-side app



I’m writing a simple command-line program to be distributed publicly and run client-side.

I’d like the program to post to a user’s Twitter timeline after authenticating their account via pin-based authentication. I’d also like to avoid the user having to create their own Twitter App and inputting keys and secrets.

All pin-based authentication I can find requires hardcoding my own Twitter app key and secret, allowing clients to spoof my identity. Are there any options that avoid this?


OAuth 1 requires all requests be signed with the consumer secret, which basically makes it impossible to use it on client-controlled environments. The most common solution is to run an API server that your client apps connect to, which then performs the authenticated requests to Twitter, keeping the API secrets safe.
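A sketch of the signing step such an API server would perform, added here as an illustration and not taken from the thread. It follows the OAuth 1.0 HMAC-SHA1 rules from RFC 5849; the endpoint URL, key values and function names are constructed placeholders. The HMAC key is built from the consumer secret, so only the server can produce a valid signature.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

# Constructed placeholders: in this design these exist only on the API server.
CONSUMER_KEY = "constructed-consumer-key"
CONSUMER_SECRET = "constructed-consumer-secret"
UPDATE_URL = "https://api.example.test/1/statuses/update.json"  # hypothetical endpoint

def pct(value):
    # RFC 5849 section 3.6: everything except unreserved characters is encoded.
    return quote(value, safe="-._~")

def signature_base_string(method, url, params):
    # Encode each key and value, sort, join as k=v pairs, then encode again.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    # The HMAC key is "<consumer secret>&<token secret>": a client that lacks
    # the consumer secret cannot compute a signature the provider will accept.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()

def server_sign_status_update(status, user_token, user_token_secret,
                              nonce=None, timestamp=None):
    """Runs on the server: returns the signed parameters for one status update."""
    params = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": user_token,
        "oauth_version": "1.0",
        "status": status,
    }
    params["oauth_signature"] = sign("POST", UPDATE_URL, params,
                                     CONSUMER_SECRET, user_token_secret)
    return params

if __name__ == "__main__":
    # Constructed user token pair, as obtained after the PIN step.
    signed = server_sign_status_update("hello", "user-token", "user-token-secret")
    print(signed["oauth_signature"])
```

The command-line client then needs only a session with this server; the consumer secret never ships in the distributed binary.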