I'm developing a mobile app on the iPhone. After creating an app on Facebook/Twitter, I received 2 keys:
When I use OAuth authorization as in some tutorials on Google, my app must provide both keys to proceed. I'm confused as to why it needs 2 keys. From their names (id and secret), I guess that their roles are equal to a public/private key pair in Linux. But I must provide both keys so that my app proceeds.
I want to place the secret key on my own Apache/PHP server, the secret place, not in my app's code. My app is only responsible for authorization, then my server proceeds with other tasks, such as posting, ...
AppID is used for authentication; appSecret is used for other tasks.
Consider these two documents from Facebook and Twitter about authentication for web apps for more detail:
http://developers.facebook.com/docs/guides/web/#login
https://dev.twitter.com/docs/auth/oauth
Consider this flow for implementing a Facebook/Twitter app on mobile if you have your own server for the secret:
OAuth Twitter with only Consumer Key (not use Consumer Secret) on iPhone and android
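An added example, not part of the original question or answer and not Facebook's or Twitter's code: a PHP server signing a request with OAuth 1.0a HMAC-SHA1 (RFC 5849), so the consumer key appears in the outgoing header while the consumer secret is used only as part of the HMAC key and never leaves the server. The endpoint URL, all credential values, the environment variable name and the function names are constructed for this illustration.

```php
<?php
// Added example: runs on the server only. All credential values are constructed.
const CONSUMER_KEY = 'constructed-consumer-key';   // public; may also ship in the app
// Assumption: the secret is provisioned through the server environment.
$consumerSecret = getenv('OAUTH_CONSUMER_SECRET') ?: 'constructed-consumer-secret';

// Percent-encoding required by RFC 5849 section 3.6.
function enc(string $s): string { return rawurlencode($s); }

// Signature base string, RFC 5849 section 3.4.1 (one value per parameter name).
function baseString(string $method, string $url, array $params): string
{
    $encoded = [];
    foreach ($params as $k => $v) {
        $encoded[enc((string)$k)] = enc((string)$v);
    }
    ksort($encoded, SORT_STRING);
    $pairs = [];
    foreach ($encoded as $k => $v) {
        $pairs[] = $k . '=' . $v;
    }
    return strtoupper($method) . '&' . enc($url) . '&' . enc(implode('&', $pairs));
}

// HMAC-SHA1 keyed with both secrets; only the resulting signature leaves the server.
function sign(string $base, string $consumerSecret, string $tokenSecret): string
{
    $key = enc($consumerSecret) . '&' . enc($tokenSecret);
    return base64_encode(hash_hmac('sha1', $base, $key, true));
}

// Constructed request: the app asked the server to post on the user's behalf.
$url   = 'https://api.example.test/statuses/update.json';   // placeholder endpoint
$oauth = [
    'oauth_consumer_key'     => CONSUMER_KEY,
    'oauth_nonce'            => bin2hex(random_bytes(16)),
    'oauth_signature_method' => 'HMAC-SHA1',
    'oauth_timestamp'        => (string)time(),
    'oauth_token'            => 'constructed-user-token',
    'oauth_version'          => '1.0',
];
$body = ['status' => 'Hello from the server'];

$base = baseString('POST', $url, $oauth + $body);
$oauth['oauth_signature'] = sign($base, $consumerSecret, 'constructed-token-secret');

$parts = array_map(fn($k, $v) => enc($k) . '="' . enc($v) . '"', array_keys($oauth), $oauth);
echo 'Authorization: OAuth ' . implode(', ', $parts), PHP_EOL;
```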