本文详细介绍了OAuth 1.0协议的实施流程,包括客户端申请临时凭据、资源所有者验证临时凭据、客户端通过临时凭据请求令牌凭据等关键步骤,并提供了相关的参考链接。
OAuth(4)Introduce the oauth1.0 protocol
1. Steps of OAuth 1.0
1. client apply for the 'temporary credentials'
2. 'resource owner' verify 'temporary credentials'
3. 'client' request the 'token credentials' via 'temporary credentials'
client apply for the 'temporary credentials'
client send:
oauth_consumer_key
oauth_signature_method
oauth_timestamp(if signature_method is plaintext can ignore this.)
oauth_nonce (if signature_method is plaintext can ignore this.)
oauth_version (optional)
oauth_signature
oauth_callback (if callback is not used, use oob instead, out-of-band)
server response:
oauth_token
oauth_token_secret
oauth_callback_confirmed
'resource owner' verify 'temporary credentials'
user login the
oauth_token=xxx
, the server will redirect back to
oauth_callback?oauth_token=xxx&oauth_verifier=xxx
'client' request the 'token credentials' via 'temporary credentials'
client send:
oauth_consumer_key
oauth_token
oauth_signature_method
oauth_timestamp (if signature_method is plaintext can ignore this.)
oauth_nonce (if signature_method is plaintext can ignore this.)
oauth_version (optional)
oauth_signature
oauth_verifier
server response:
oauth_token token credentials id
oauth_token_secrect token credentials secrect
After that, we can use oauth_token and oauth_token_secrect to visit all the resources.
references:
http://hueniverse.com/oauth/guide/
http://oauth.net/core/1.0/
http://hueniverse.com/oauth/guide/authentication/
http://hueniverse.com/2010/05/introducing-oauth-2-0/
http://tools.ietf.org/html/draft-ietf-oauth-v2-22
http://www.jiangmiao.org/blog/1382.html
http://www.seven2.com.cn/archives/789/
http://blog.youkuaiyun.com/hereweare2009/article/details/3968582
http://blog.apigee.com/detail/best_practices_for_oauth_2.0_vs._oauth_1.0_-_one_year_later/
http://blog.apigee.com/detail/oauth_differences/
1. Steps of OAuth 1.0
1. client apply for the 'temporary credentials'
2. 'resource owner' verify 'temporary credentials'
3. 'client' request the 'token credentials' via 'temporary credentials'
client apply for the 'temporary credentials'
client send:
oauth_consumer_key
oauth_signature_method
oauth_timestamp(if signature_method is plaintext can ignore this.)
oauth_nonce (if signature_method is plaintext can ignore this.)
oauth_version (optional)
oauth_signature
oauth_callback (if callback is not used, use oob instead, out-of-band)
server response:
oauth_token
oauth_token_secret
oauth_callback_confirmed
'resource owner' verify 'temporary credentials'
user login the
oauth_token=xxx
, the server will redirect back to
oauth_callback?oauth_token=xxx&oauth_verifier=xxx
'client' request the 'token credentials' via 'temporary credentials'
client send:
oauth_consumer_key
oauth_token
oauth_signature_method
oauth_timestamp (if signature_method is plaintext can ignore this.)
oauth_nonce (if signature_method is plaintext can ignore this.)
oauth_version (optional)
oauth_signature
oauth_verifier
server response:
oauth_token token credentials id
oauth_token_secrect token credentials secrect
After that, we can use oauth_token and oauth_token_secrect to visit all the resources.
references:
http://hueniverse.com/oauth/guide/
http://oauth.net/core/1.0/
http://hueniverse.com/oauth/guide/authentication/
http://hueniverse.com/2010/05/introducing-oauth-2-0/
http://tools.ietf.org/html/draft-ietf-oauth-v2-22
http://www.jiangmiao.org/blog/1382.html
http://www.seven2.com.cn/archives/789/
http://blog.youkuaiyun.com/hereweare2009/article/details/3968582
http://blog.apigee.com/detail/best_practices_for_oauth_2.0_vs._oauth_1.0_-_one_year_later/
http://blog.apigee.com/detail/oauth_differences/
扫一扫
1561
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
