Josh Voigts

Reputation: 4132

Is it safe to distribute a Dropbox client secret with the application?

For example, if I wanted to release an open source project, I would need to embed the client secret into the application (since Dropbox uses OAuth 1.0).

How can this be done without the potential for abuse?

Upvotes: 0

Views: 128

Answers (1)

fullybaked

Reputation: 4127

Set the secret as an environment variable, then when developers use your open source app they can replace it with their own Dropbox key.

Then, exclude the file with the environment variables from your source control.

You could additionally put in some handling that raises a specific exception if the environment variable isn't set, so they know what's missing and what they have to do.

I doubt you need everyone who uses your app using your secret key, and most developers won't want to anyway, in case you ever remove it.

Upvotes: 1
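
The approach in the answer above, as an added example that is not part of the original answer: credentials are read from the process environment or a git-ignored local file, and a specific exception names whatever is missing. The variable names `DROPBOX_APP_KEY` and `DROPBOX_APP_SECRET`, the `.env` file name and the placeholder values are assumptions chosen for illustration.

```python
import os
from pathlib import Path

REQUIRED = ("DROPBOX_APP_KEY", "DROPBOX_APP_SECRET")  # assumed variable names
PLACEHOLDERS = {"", "changeme", "your-secret-here"}    # constructed sample placeholders


class MissingCredentialError(RuntimeError):
    """Raised when a required Dropbox credential is absent or still a placeholder."""

    def __init__(self, missing):
        self.missing = list(missing)
        super().__init__(
            "Missing Dropbox credentials: " + ", ".join(self.missing)
            + ". Register your own app with Dropbox and export these variables "
            "(or put them in a git-ignored .env file)."
        )


def parse_env_file(path):
    """Parse KEY=VALUE lines from a local, git-ignored file; skip blanks and comments."""
    values = {}
    p = Path(path)
    if not p.is_file():
        return values
    for raw in p.read_text(encoding="utf-8").splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        values[key.strip()] = value.strip().strip("'\"")
    return values


def load_credentials(environ=None, env_file=".env"):
    """Return (key, secret); the process environment wins over the file."""
    environ = os.environ if environ is None else environ
    merged = {**parse_env_file(env_file), **environ}
    missing = [n for n in REQUIRED if merged.get(n, "").strip().lower() in PLACEHOLDERS]
    if missing:
        raise MissingCredentialError(missing)
    return merged[REQUIRED[0]], merged[REQUIRED[1]]
```

For the exclusion step, the local file (`.env` here) is listed in `.gitignore` so it never reaches the repository.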
