Created
June 29, 2011 22:49
OAuth 1.0 Client in simple words
Authorization in simple words:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Construct a client with its client credentials.
2. Send an HTTP request for temporary credentials with a callback URL
   which the server will call with an OAuth verification code.
3. Parse out temporary credentials from a successful server response.
4. Using the temporary credentials build an authorization URL and
   redirect the resource owner (end-user) to the generated URL.
5. If a callback is not provided when requesting temporary credentials,
   the server displays the OAuth verification code to the resource owner
   (end-user), which she then types into your application.
   OR
   If a callback URL is provided, the server redirects the resource owner
   (end-user) after authorization to your callback URL attaching the
   OAuth verification code as a query parameter.
6. Using the obtained OAuth verification code from step 5 and the
   temporary credentials obtained in step 3, send an HTTP request for
   token credentials.
7. Parse out the token credentials from a successful server response.
8. Save the token credentials for future use (say in a database).

Accessing a resource:
~~~~~~~~~~~~~~~~~~~~~
1. Construct a client with its client credentials.
2. Using the token credentials that you have saved (say, in a database),
   send an HTTP request to a resource URL.
3. Obtain the response and deal with it.
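
Both procedures above, sketched as an added example that is not part of the original gist: the three signed requests of the flow using RFC 5849 HMAC-SHA1, showing that the signing key changes from the client secret alone, to client secret plus temporary secret, to client secret plus token secret. The endpoint paths, credentials, nonces, timestamps and response bodies are constructed, the helper names are hypothetical, and the code assumes URLs without query strings.

```python
import base64, hashlib, hmac
from urllib.parse import parse_qsl, quote

def enc(value):  # RFC 5849 percent-encoding: only unreserved characters stay
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted, encoded parameters."""
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, client_secret, token_secret=""):
    """HMAC-SHA1 keyed with the client secret and the current token secret."""
    key = f"{enc(client_secret)}&{enc(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def signed_request(method, url, client, nonce, timestamp, token=None, **extra):
    """Build the oauth_* parameters for one request, signature included."""
    params = {"oauth_consumer_key": client[0], "oauth_nonce": nonce,
              "oauth_timestamp": timestamp,
              "oauth_signature_method": "HMAC-SHA1", **extra}
    token_secret = ""
    if token:  # (identifier, secret) of temporary or token credentials
        params["oauth_token"], token_secret = token
    params["oauth_signature"] = sign(method, url, params, client[1], token_secret)
    return params

def parse_credentials(body):
    """Steps 3 and 7: read (identifier, secret) from a form-encoded response."""
    fields = dict(parse_qsl(body, strict_parsing=True))
    return fields["oauth_token"], fields["oauth_token_secret"]

def verify(method, url, params, client_secret, token_secret=""):
    """What the server does: recompute the signature, compare in constant time."""
    unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
    expected = sign(method, url, unsigned, client_secret, token_secret)
    return hmac.compare_digest(expected, params.get("oauth_signature", ""))

# Constructed values; use a fresh random nonce and the current time in real use.
BASE, CLIENT = "https://provider.example", ("client-id", "client-secret")
temp_req = signed_request("POST", BASE + "/initiate", CLIENT, "n1", "1700000000",
                          oauth_callback="https://app.example/cb")      # step 2
temp = parse_credentials("oauth_token=tmp123&oauth_token_secret=tmpsecret")  # 3
authorize_url = BASE + "/authorize?oauth_token=" + enc(temp[0])          # step 4
token_req = signed_request("POST", BASE + "/token", CLIENT, "n2", "1700000060",
                           token=temp, oauth_verifier="v-9876")          # step 6
token = parse_credentials("oauth_token=tok456&oauth_token_secret=toksecret")  # 7
resource_req = signed_request("GET", BASE + "/photos", CLIENT, "n3", "1700000120", token=token)
```

Because oauth_callback and oauth_verifier are part of the signed parameters, a server running verify() rejects a request in which either was altered in transit.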