Putting API key and secret in my Firefox addon

Question

I am developing a Firefox addon and I want to integrate with some third party service that uses oauth for authentication. I therefore have an API key and secret that I need to use to communicate with their API. If I were to include my API key and secret in the source code of the addon, would people (users of the addon, etc) be able to figure the key and secret out? Is there some mechanism in the SDK to store secrets in addons?

The alternative, that I used in my proof of concept, is that I ask the user to generate a key and secret and enter those into the settings. This works, but isn't very user friendly.

Edit:

To clarify, in reaction to a comment, I am not looking for keeping the secrets out of the source code, I am looking for a way to use my own secrets in my addon and keeping them secret to the public. So they would be shipped to everyone using my addon.

Answer 1

If I were to include my API key and secret in the source code of the addon, would people (users of the addon, etc) be able to figure the key and secret out? Is there some mechanism in the SDK to store secrets in addons?

You're asking whether it's possible to make data inaccessible to a user who has full control over the computer but make it accessible to software running on the very same computer over which the user has full control.

No.

The alternative, that I used in my proof of concept, is that I ask the user to generate a key and secret and enter those into the settings. This works, but isn't very user friendly.

Then automate the process to make it more user-friendly?