I want to develope a Twitter client for Chrome. I have seen JS files of existing twitter extensions for Chrome. And found their consumer key and secrets are exposed. I believe It’s not the way that it should be.
I want to share my opinion that is server side. That user need to signup on my website. Have oAuth on that web. I will save their access tokens. And when they install my Chrome extension. I will ask them to login. And every time when they will tweet, I will fetch their access tokens online and made their tweet possible.
In this way, my keys will remain hidden. I don’t want to use Chrome OAuth. (http://code.google.com/chrome/extensions/tut_oauth.html)
Do you think my server side implementation of OAuth is better than JS implementaion?