What is OAuth? – Basic Understanding

What is OAuth?

  • OAuth is a simple way to publish and interact with protected data.
  • It is a safer way to give people access to this data when they are calling an API, as each request to the API is signed with encrypted details that only last for a defined duration (e.g. 2 Hours)
  • There are quite a few services out there that use the OAuth standard and some of the big ones are Twitter, Twitpic, Digg and Flickr.

High level OAuth process

  • Register application with the service that you are developing it for. e.g. Twitter, Twitpic, SoundCloud etc.
    • You will receive a consumer key and secret.
  • The application then initiates the OAuth process by passing the consumer key and the consumer secret.
  • The service will return a Request Token.
  • The user now needs to grant approval for the application to run requests.
  • Once the user has granted permission application need to exchange the request token for an access token.
  • Once an access token is received, application use this to sign all http requests with application credentials and access token.
Advertisements