Oauth


OAuth is an authorization protocol that lets a user grant an application permission to act on their behalf without sharing their password. The provider authenticates the user; the application only ever receives tokens scoped to what the user approved. The endpoints, tokens and signed requests described on this page are those of OAuth 1.0a (the "three-legged" flow); OAuth 2.0 uses a different set of endpoints and bearer tokens instead of per-request signatures.

After registering an OAuth consumer application with the provider, you are typically given the following:

Consumer Key (API Key):       (...)
Consumer Secret (API Secret): (...)
Request token URL:            (e.g. https://api.twitter.com/oauth/request_token)
Authorize URL:                (e.g. https://api.twitter.com/oauth/authorize)
Access token URL:             (e.g. https://api.twitter.com/oauth/access_token)

Here's how these are used in a typical OAuth workflow.

1. The application first sends a POST request to the Request token URL, identifying itself with the Consumer Key and signing the request with the Consumer Secret (in 1.0a it also sends the oauth_callback it wants the user returned to). The response is a temporary Request Token (oauth_token) and its oauth_token_secret.
2. The user is then sent to the Authorize URL (GET request) with the Request Token passed as the oauth_token parameter.
3. The user logs in at the provider and clicks Accept to authorize the application to act on their behalf. The provider redirects the user back to the application's callback with the oauth_token and an oauth_verifier. The verifier ties the approval to the browser session that performed it, so an attacker cannot start a flow, trick a victim into approving it, and then complete it with the victim's authorization (the session-fixation weakness that OAuth 1.0a was revised to fix).
4. The application then POSTs the Request Token and the oauth_verifier to the Access token URL, signing with the Consumer Secret and the Request Token's secret, and receives the final oauth_token and oauth_token_secret (the Access Token). The Request Token is single-use and is invalidated at this point.
5. Every subsequent API request carries the Access Token's oauth_token together with oauth_consumer_key, oauth_nonce, oauth_timestamp, oauth_signature_method and an oauth_signature computed over the request using the Consumer Secret and the oauth_token_secret. The secrets themselves are never transmitted; the provider holds its own copies and recomputes the signature, and the nonce and timestamp let it reject replayed requests. Treat the Consumer Secret and every oauth_token_secret as credentials: anyone holding them can forge valid signatures.
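The following is an added example, not code from this page or from the linked repository. It implements step 5 on both sides: the client builds the HMAC-SHA1 signature and Authorization header as specified in RFC 5849 section 3.4, and the provider recomputes the signature from its own copy of the secrets and rejects tampered, replayed and stale requests. All keys, secrets, the nonce, the timestamp and the example.com URL are constructed for illustration and are not real credentials; the header layout is the one the standard defines.

```python
"""OAuth 1.0a HMAC-SHA1 request signing and provider-side verification (RFC 5849 3.4).
Added example; every credential and request value below is constructed, not real."""
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, unquote, urlsplit

SIGNATURE_METHOD = "HMAC-SHA1"


def pct(s) -> str:
    # RFC 5849 3.6: everything except unreserved characters is %XX-encoded, uppercase hex.
    return quote(str(s), safe="-._~")


def base_string_uri(url: str) -> str:
    # RFC 5849 3.4.1.2: lowercase scheme and host, drop default port, drop the query string.
    p = urlsplit(url)
    scheme, host = p.scheme.lower(), p.hostname.lower()
    if p.port and (scheme, p.port) not in (("http", 80), ("https", 443)):
        host = f"{host}:{p.port}"
    return f"{scheme}://{host}{p.path or '/'}"


def signature_base_string(method: str, url: str, params) -> str:
    # RFC 5849 3.4.1: METHOD & enc(base URI) & enc(normalized parameters). Query-string
    # parameters are signed too; oauth_signature and realm are excluded from the base string.
    pairs = list(params) + parse_qsl(urlsplit(url).query, keep_blank_values=True)
    encoded = sorted((pct(k), pct(v)) for k, v in pairs if k not in ("oauth_signature", "realm"))
    normalized = "&".join(f"{k}={v}" for k, v in encoded)
    return "&".join([method.upper(), pct(base_string_uri(url)), pct(normalized)])


def hmac_sha1_signature(base_string: str, consumer_secret: str, token_secret: str = "") -> str:
    # Signing key is enc(consumer secret)&enc(token secret); only the signature goes on the wire.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def authorization_header(method, url, body_params, consumer_key, consumer_secret,
                         token, token_secret, nonce=None, timestamp=None) -> str:
    """Client side: sign one request and build its Authorization header."""
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": SIGNATURE_METHOD,
        "oauth_timestamp": str(timestamp if timestamp is not None else int(time.time())),
        "oauth_token": token,
        "oauth_version": "1.0",
    }
    base = signature_base_string(method, url, list(body_params.items()) + list(oauth.items()))
    oauth["oauth_signature"] = hmac_sha1_signature(base, consumer_secret, token_secret)
    return "OAuth " + ", ".join(f'{k}="{pct(v)}"' for k, v in sorted(oauth.items()))


def parse_authorization_header(header: str) -> dict:
    # Values are percent-encoded, so a comma can only ever be a field separator.
    if not header.startswith("OAuth "):
        return {}
    out = {}
    for part in header[6:].split(","):
        k, v = part.strip().split("=", 1)
        out[k] = unquote(v.strip('"'))
    return out


def verify_request(method, url, body_params, header, consumer_secrets, token_secrets,
                   seen_nonces, now=None, max_skew=300) -> bool:
    """Provider side: recompute the signature; reject unknown keys, stale timestamps and replays."""
    p = parse_authorization_header(header)
    now = now if now is not None else int(time.time())
    try:
        ts = int(p["oauth_timestamp"])
        consumer_secret = consumer_secrets[p["oauth_consumer_key"]]
        token_secret = token_secrets[p["oauth_token"]]
    except (KeyError, ValueError):
        return False
    if p.get("oauth_signature_method") != SIGNATURE_METHOD or abs(now - ts) > max_skew:
        return False
    nonce_key = (p["oauth_consumer_key"], p["oauth_token"], p["oauth_nonce"], ts)
    if nonce_key in seen_nonces:  # same nonce and timestamp seen before: a replay
        return False
    base = signature_base_string(method, url, list(body_params.items()) + list(p.items()))
    expected = hmac_sha1_signature(base, consumer_secret, token_secret)
    if not hmac.compare_digest(expected, p.get("oauth_signature", "")):
        return False
    seen_nonces.add(nonce_key)
    return True


# Constructed sample credentials (hypothetical, for the demo only).
CONSUMER_KEY, CONSUMER_SECRET = "app-key", "app-secret"
ACCESS_TOKEN, ACCESS_TOKEN_SECRET = "user-token", "user-token-secret"


def demo() -> dict:
    """Sign one request, then show what the provider accepts and what it rejects."""
    url = "https://api.example.com/1/statuses/update.json?include_entities=true"
    body = {"status": "Hello Ladies + Gentlemen, a signed OAuth request!"}
    now = 1318622958  # fixed clock so the run is reproducible
    header = authorization_header("POST", url, body, CONSUMER_KEY, CONSUMER_SECRET,
                                  ACCESS_TOKEN, ACCESS_TOKEN_SECRET, nonce="kYjzVBB8", timestamp=now)
    csec, tsec, seen = {CONSUMER_KEY: CONSUMER_SECRET}, {ACCESS_TOKEN: ACCESS_TOKEN_SECRET}, set()
    return {
        "header": header,
        "accepted": verify_request("POST", url, body, header, csec, tsec, seen, now=now),
        "replay": verify_request("POST", url, body, header, csec, tsec, seen, now=now),
        "tampered": verify_request("POST", url, {"status": "pwned"}, header, csec, tsec, set(), now=now),
        "stale": verify_request("POST", url, body, header, csec, tsec, set(), now=now + 3600),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The provider compares signatures with hmac.compare_digest rather than == so the check does not leak timing information, and it records (consumer key, token, nonce, timestamp) only after the signature has verified, so an attacker cannot burn a legitimate client's nonce by sending a forged request first. Note that HMAC-SHA1 is still the method most OAuth 1.0a providers require; the signature is a keyed MAC, so SHA-1's collision weaknesses do not apply to it.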

For more detail, see this example code: http://git.alaning.me/root/OAuth