Oauth_token and oauth_token_secret only?

security
oauth

#1

Is it possible to use twitter API having oauth_token and oauth_token_secret only on client?

I’m getting these tokens via a standard Oauth flow via server-side part of my app, but
I wonder if I can send requests from the client using just these 2, keeping secret stuff on the server.

The idea is that once I’ve got the tokens, I’ve confimed my identity and should be allowed to use just them(for some time, at least, refreshing them eventually).


#2

Authenticated user requests to the Twitter API need four values. The consumer key and secret and the user access token and secret. All four are needed to create valid signatures.