I have a WPF application that will allow messages to be posted via a Twitter Application I have created.
From what I understand the Consumer Key and Consumer Secret are used in conjunction with the generated PIN to create the Access Key and Access Secret.
Now I would like the Consumer Key and Consumer Secret to be stored within my application as when it comes to distribution the user simply needs to authorise the Twitter Application and then messages can be posted.
I'm currently storing the consumer key/secret and the access key/secret within the Settings.settings file against my WPF application for easy of access programmatically, however I recognise that this may not be a secure way as the settings are easily read as XML.
This leads me to my questions:
1) Am I right in storing the Consumer Key/Secret to ensure that the user authorises my Twitter application?
2) If I store the Access Key/Secret within the Settings.settings file are these enough to verify that the user has access to my Twitter Application?
3) Twitter notes that the Consumer Key/Secret should not be readable by other users, what would be the best method of doing so?
4) How should I handle when the user closes/opens my WPF application in terms of authorisation, can I re-use the stored Access Key/Secret details?
Apologies if my questions conflict/makes no sense - I'm quite new to OAuth.
