OAuth(4)Introduce the oauth1.0 protocol
1. Steps of OAuth 1.0
1. client apply for the 'temporary credentials'
2. 'resource owner' verify 'temporary credentials'
3. 'client' request the 'token credentials' via 'temporary credentials'
client apply for the 'temporary credentials'
client send:
oauth_consumer_key
oauth_signature_method
oauth_timestamp(if signature_method is plaintext can ignore this.)
oauth_nonce (if signature_method is plaintext can ignore this.)
oauth_version (optional)
oauth_signature
oauth_callback (if callback is not used, use oob instead, out-of-band)
server response:
oauth_token
oauth_token_secret
oauth_callback_confirmed
'resource owner' verify 'temporary credentials'
user login the
oauth_token=xxx
, the server will redirect back to
oauth_callback?oauth_token=xxx&oauth_verifier=xxx
'client' request the 'token credentials' via 'temporary credentials'
client send:
oauth_consumer_key
oauth_token
oauth_signature_method
oauth_timestamp (if signature_method is plaintext can ignore this.)
oauth_nonce (if signature_method is plaintext can ignore this.)
oauth_version (optional)
oauth_signature
oauth_verifier
server response:
oauth_token token credentials id
oauth_token_secrect token credentials secrect
After that, we can use oauth_token and oauth_token_secrect to visit all the resources.
references:
http://hueniverse.com/oauth/guide/
http://oauth.net/core/1.0/
http://hueniverse.com/oauth/guide/authentication/
http://hueniverse.com/2010/05/introducing-oauth-2-0/
http://tools.ietf.org/html/draft-ietf-oauth-v2-22
http://www.jiangmiao.org/blog/1382.html
http://www.seven2.com.cn/archives/789/
http://blog.csdn.net/hereweare2009/article/details/3968582
http://blog.apigee.com/detail/best_practices_for_oauth_2.0_vs._oauth_1.0_-_one_year_later/
http://blog.apigee.com/detail/oauth_differences/
OAuth(4)Introduce the oauth1.0 protocol
猜你喜欢
转载自sillycat.iteye.com/blog/1265923
今日推荐
周排行