Reverse Auth for non-iOS platforms


So, it’s entirely possible I’ve got some of this process wrong, correct me if I have.

I have a client mobile application (iOS, Android, Windows Phone) which connects to a RESTful API ( node.js, mongo ).

If I want to OAuth a twitter user so I can pull their data server side do some stuff, create an account with their data, I should be using Reverse Auth, except this is only available for iOS correct?

Regarding client secrets, I assume aside from wrapping the oauth/authenticate on my server, I’ll need to bake my secrets into the app?