OAuth 1.0 notes
OAuth 1.0 flow
A good explanation image from oauth.net:
Flow description:
- Consumer has Consumer Key and Consumer Secret (shared secret)
- A) Consumer requests Request Token
  - call get_request_token from Service Provider, send:
    - oauth_consumer_key
    - oauth_signature_method
    - oauth_signature
    - ...
  - here oauth_signature is the signature of the request, created using the Consumer Secret; simplified example: $signature = md5($request_text . $consumer_secret)
  - both sides (Consumer and Service Provider) know consumer_secret and are able to perform this operation, so the Service Provider can check whether the signature is valid
- B) Service Provider returns Request Token
  - oauth_token
  - oauth_token_secret
- C) Consumer redirects User to Service Provider
  - oauth_token (request token from B)
- D) User confirms access and Service Provider redirects User to Consumer
  - oauth_token (request token from B)
  - oauth_verifier (request token verifier)
- E) Consumer requests Access Token
  - call get_access_token, send:
    - oauth_consumer_key
    - oauth_token (request token from B)
    - oauth_signature_method
    - oauth_signature
    - ...
    - oauth_verifier
  - here oauth_signature is the signature of the request, created using the request token secret from B
  - note that in step A the Consumer uses its consumer_secret to sign the request, while here it uses the request token secret
- F) Service Provider grants Access Token
  - oauth_token
  - oauth_token_secret
- G) Consumer accesses Protected Resources
  - request includes:
    - oauth_consumer_key
    - oauth_token (access token from F)
    - oauth_signature_method
    - oauth_signature
    - ...
  - here oauth_signature is created using the Access Token secret
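Added example (not from the original post): the md5 one-liner above is a simplification, and this sketch follows the HMAC-SHA1 method of RFC 5849, where the key is the Consumer Secret and the token secret joined by "&" (empty token secret in step A, request token secret in E, access token secret in G). All keys, secrets and URLs are constructed, and the URL is assumed to be already normalized with no query string.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(s):
    # RFC 5849 percent-encoding: only unreserved characters stay literal
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # Signature base string: METHOD & encoded URL & encoded, sorted parameter list
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # Key = consumer_secret & token_secret; the token secret is empty in step A,
    # the request token secret in step E, the access token secret in step G
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def verify(method, url, params, signature, consumer_secret, token_secret=""):
    # Service Provider side: recompute over everything except oauth_signature
    # and compare in constant time
    signed = {k: v for k, v in params.items() if k != "oauth_signature"}
    expected = sign(method, url, signed, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

def demo():
    # Constructed sample values for step E, not real credentials or endpoints
    consumer_secret = "demo-consumer-secret"
    request_secret = "demo-request-token-secret"
    url = "https://provider.example/get_access_token"
    params = {"oauth_consumer_key": "demo-consumer", "oauth_token": "demo-request-token",
              "oauth_verifier": "demo-verifier", "oauth_signature_method": "HMAC-SHA1",
              "oauth_timestamp": "1700000000", "oauth_nonce": "n-0001",
              "oauth_version": "1.0"}
    sig = sign("POST", url, params, consumer_secret, request_secret)
    tampered = dict(params, oauth_verifier="changed")
    return {
        "valid": verify("POST", url, params, sig, consumer_secret, request_secret),
        "wrong_token_secret": verify("POST", url, params, sig, consumer_secret, "other"),
        "tampered": verify("POST", url, tampered, sig, consumer_secret, request_secret),
    }

if __name__ == "__main__":
    print(demo())
```

Because the signature covers the timestamp and nonce, a Service Provider also has to reject reused nonces; the signature check alone does not stop a replayed request.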
Links
yii implementations
php implementations
list of libraries on oauth.net