As part of the process of creating the authentication header I need to generate the Oauth Signature and within this process an OAUTH TOKEN SECRET has to be used.
Currently, my application flow is that clients are logging in and being authenticated by twitter.
Right after that the client is sending both the access token and the client secret to my server.
On my server, both values are being stored for further authenticated calls on twitter REST api.
These calls are being done by my server on behalf of the client.
Is that a proper flow?
Is there any problem with sending the client secret to the server?
Thanks in advance