What is OAuth?
- OAuth is a simple way to publish and interact with protected data.
- It is a safer way to give people access to this data when they are calling an API, as each request to the API is signed with encrypted details that only last for a defined duration (e.g. 2 hours).
- There are quite a few services out there that use the OAuth standard and some of the big ones are Twitter, Twitpic, Digg and Flickr.
High level OAuth process
- Register the application with the service that you are developing it for, e.g. Twitter, Twitpic, SoundCloud etc.
- You will receive a consumer key and secret.
- The application then initiates the OAuth process by passing the consumer key and the consumer secret.
- The service will return a Request Token.
- The user now needs to grant approval for the application to run requests.
- Once the user has granted permission, the application needs to exchange the request token for an access token.
- Once an access token is received, the application uses it to sign all HTTP requests with the application credentials and the access token.