I'm building an desktop app in .NET/C# that on behalf of the user authenticates through OAUTH to access Google Analytics API.
The method I'm trying to use for authenticating is described on http://heartofangel.com/tutorial-authenticating-with-google-oauth/.
Anonymous authentication is not an option in my case as I would get very limited API access, so I've registered my app on Google console and I have a ConsumerKey and ConsumerSecret.
What is best practise in securing these? (These strings could be quite easily found by decompiling my dll.) Do I need worry?
I'm not too fond of the idea of having a server proxy as my application is free.
I had a similar problem storing SSL keys in my windows app. I've ending up using .NET Reactor to protect my app and encrypt the embedded strings. Eziriz .NET Reactor is not free but so far it has proved to be the best solution, my app it's on the market for 5 years now and it didn't get cracked.