Signed Callback URLs

Page history last edited by eaton.lists@... 11 years, 1 month ago
Changes to OAuth 1.0 are marked in red.

1. Consumer requests request token. Included in the request:

  1. oauth_consumer_key: the Consumer key
  2. oauth_signature_method: the signature method used
  3. oauth_signature: the signature
  4. oauth_timestamp: as defined in OAuth spec
  5. oauth_nonce: as defined in OAuth spec
  6. oauth_version: OPTIONAL. If present, MUST be 1.0. If absent, MUST be assumed to be 1.0
  7. oauth_callback: OPTIONAL. URL to which to return the user after authorization
 

2. Service Provider issues an Unauthorized Request Token. The SP MUST associate the callback URL sent in Step 1 with the request token it issues. It can do that either in local storage, or by encoding the callback URL in the request token in an unforgeable way. Response includes:

  1. oauth_token: the request token
  2. oauth_token_secret: the request token secret
  3. oauth_callback_accepted=1 
 

3. The Consumer confirms that the SP supports the oauth_callback URL by checking for the oauth_callback_accepted parameter. Consumer Directs User to the Service Provider. Parameters include:

  1. oauth_token: OPTIONAL
  2. oauth_callback: REMOVED
 

4. Service Provider Authenticates User and Obtains Consent

  1. as in OAuth spec
 

5. Service Provider Redirects the User Back to Consumer. This only happens if the Consumer sent a callback in Step 1. Included in the request:

  1. oauth_token: REQUIRED
  2. oauth_verifier: REQUIRED. The oauth_verifier MUST be associated with the OAuth consumer and OAuth request token.

6. Obtaining an Access Token. Included in the request:

  1. oauth_consumer_key: the consumer key
  2. oauth_token: the request token obtained in Step 2.
  3. oauth_signature_method: signature method
  4. oauth_signature: the signature
  5. oauth_timestamp: as in the OAuth spec
  6. oauth_nonce: as in the OAuth spec
  7. oauth_version: OPTIONAL. If present, MUST be 1.0. If absent, MUST be assumed to be 1.0
  8. oauth_verifier: REQUIRED. The verifier obtained in Step 5. The Service Provider MUST check that the OAuth verifier was originally issued for the OAuth consumer key and request token.
 

7. Service Provider Grants an Access Token. Included in the response:

  1. oauth_token: the access token
  2. oauth_token_secret: the access token secret
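The following is an added example, not part of the original proposal or any Service Provider's code. It sketches the "encode the callback URL in the request token in an unforgeable way" option from Step 2 and the verifier binding required in Steps 5 and 6, using HMAC-SHA256. The key SP_KEY, the token layout and all function names are assumptions made for illustration; token expiry and one-time use are not shown.

```python
import base64, hashlib, hmac, secrets
from typing import Optional

SP_KEY = secrets.token_bytes(32)  # assumption: MAC key known only to the Service Provider

def _mac(*parts: str) -> str:
    # Length-prefix every field so ("ab", "c") and ("a", "bc") yield different MACs.
    msg = b"".join(len(p.encode()).to_bytes(4, "big") + p.encode() for p in parts)
    return hmac.new(SP_KEY, msg, hashlib.sha256).hexdigest()

def issue_request_token(consumer_key: str, callback: str) -> dict:
    """Step 2: bind the oauth_callback from Step 1 into the request token itself."""
    nonce = secrets.token_urlsafe(16)
    cb = base64.urlsafe_b64encode(callback.encode()).decode()
    body = f"{nonce}.{cb}"
    return {
        "oauth_token": f"{body}.{_mac('request-token', consumer_key, body)}",
        "oauth_token_secret": secrets.token_urlsafe(32),
        "oauth_callback_accepted": "1",
    }

def callback_for(consumer_key: str, token: str) -> Optional[str]:
    """Step 5: return the callback only if the token is authentic for this Consumer."""
    try:
        nonce, cb, tag = token.split(".")
    except ValueError:
        return None  # not in the nonce.callback.mac layout
    expected = _mac("request-token", consumer_key, f"{nonce}.{cb}")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None  # callback or consumer key does not match what was signed
    return base64.urlsafe_b64decode(cb).decode()

def issue_verifier(consumer_key: str, token: str) -> str:
    """Step 5: oauth_verifier associated with the Consumer and the request token."""
    return _mac("verifier", consumer_key, token)

def check_verifier(consumer_key: str, token: str, verifier: str) -> bool:
    """Step 6: accept only a verifier issued for this consumer key and request token."""
    expected = issue_verifier(consumer_key, token)
    return hmac.compare_digest(verifier.encode(), expected.encode())
```

Because the redirect target in Step 5 is read back from the authenticated token, a callback supplied or altered after Step 1 is never used.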
