Logo Questions Linux Laravel Mysql Ubuntu Git Menu

How to keep OAuth settings a secret?

After creating my Twitter application, the following warning was displayed:

OAuth settings

Your application's OAuth settings. Keep the "Consumer secret" a secret. This key should never be human-readable in your application.

How do I keep my "Consumer Secret" a secret?

Twitter_test.php (source: Jimbo)

// Set access tokens here
$settings = array(
    'oauth_access_token' => "My Oauth Access Token",
    'oauth_access_token_secret' => "My Oauth Access Token Secret",
    'consumer_key' => "My Consumer Key",
    'consumer_secret' => "My Consumer Secret"   

$url = 'https://api.twitter.com/1.1/followers/ids.json';
$getfield = '?username=somename';
$requestMethod = 'GET';
$twitter = new TwitterAPIExchange($settings);
echo $twitter->setGetfield($getfield)
             ->buildOauth($url, $requestMethod)


TwitterAPIExchange (source: twitter-api-php)

like image 792
Anthony Avatar asked Mar 25 '23 01:03


1 Answers

I'd create a library integrated with the Twitter Api, and store the data in a config file in application/config/ as mentioned in given link.

To please Twitter, simply parse:


echo $this->encrypt->encode('your given secret here');

Take the output, store it inside the config file, and when you're fetching it:


$str_secret = $this->encrypt->decode($config['secret']);
  • Encryption
    -Don't forget to set a key as described in this link.

Note that they demand you to do that for maximum security, in case someone would get control over your ftp or similiar. However if it can be decoded, it can be read. This isn't the ultimate solution, but simply a bit more reliable one.

like image 58
Robin Castlin Avatar answered Apr 06 '23 02:04

Robin Castlin