Resource Owner -> Client -> Server
A resource owner wants to give a middle man (the Client) access to information he owns on a remote Server. The whole model is predicated on never giving the Client the user's username/password. This also means that the Resource Owner can revoke the Client's access to the Server's resources just by going to the Server and revoking it there.
Credentials and Tokens
Consumer key and secret (client credentials). Used to authenticate the client with the server. This means that there is a unique key and secret that the server also keeps. This allows the server to validate what access to give the client and revoke access if need be.
This is how it is laid out for Servio as it relates to talking with Salesforce:
Access token and secret (token credentials). Used to validate the user (resource owner) with the server without giving up the user's credentials (username/password) to the client.
This means that the resource owner specifies on the server what permissions it is willing to give the client. The server holds on to these permissions and allows the client to act only within the permissions the user has given it.
kwai.oauths ez_apps_user_accesses access_token request_shared_key access_secret secret_key (encrypted_secret_key) shared_key
Request token and secret (temporary credentials). These are used to verify the user's requests during the authorization step.
This associates the user with a pending access grant. So instead of passing around an access token, we pass a request token, which is temporary and is exchanged for token credentials once the user has granted access.
kwai.oauths ez_apps_user_requests OAuth Terminology request_token request_shared_key oauth_token request_secret secret_key (encrypted_secret_key) oauth_verifier shared_key
Temporary Credential Request URI: https://photos.example.net/initiate
Resource Owner Authorization URI: https://photos.example.net/authorize
Token Request URI: https://photos.example.net/token
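The three endpoints above are the three legs of OAuth 1.0 (RFC 5849). The example below is added here and is not code from this post, from Servio, or from Salesforce: it signs a request with HMAC-SHA1 the way the client does (key = consumer secret + "&" + token secret, so the server can check the client credentials and the token credentials without ever seeing the user's password), and verifies it the way the server does, including the timestamp and nonce checks that stop a captured request from being replayed. `three_legged_flow` walks initiate -> authorize -> token -> resource against an in-memory store that stands in for the server's tables (hypothetical `store` layout, constructed credential values modelled on the RFC's walkthrough) and finishes by revoking the token to show that the client's next call is refused.

```python
"""OAuth 1.0 (RFC 5849) HMAC-SHA1 signing and verification (added example)."""
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, urlsplit

# The endpoints from the post; the resource URL is constructed for the demo.
INITIATE = "https://photos.example.net/initiate"
AUTHORIZE = "https://photos.example.net/authorize"
TOKEN_URI = "https://photos.example.net/token"
RESOURCE = "https://photos.example.net/photos?file=vacation.jpg&size=original"


def pct(value):
    """Percent-encode per RFC 5849 section 3.6: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def base_string(method, url, oauth_params, body=""):
    """Signature base string (RFC 5849 section 3.4.1) from method, URL, body and oauth_* params."""
    parts = urlsplit(url)
    scheme, host, port = parts.scheme.lower(), parts.hostname.lower(), parts.port
    if port and port != {"http": 80, "https": 443}.get(scheme):
        host = f"{host}:{port}"
    base_url = f"{scheme}://{host}{parts.path}"
    # Query, form-body and protocol parameters all get signed; oauth_signature itself never does.
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    pairs += parse_qsl(body, keep_blank_values=True)
    pairs += [(k, v) for k, v in oauth_params.items() if k != "oauth_signature"]
    # Encode each name and value first, then sort by name and value, then join.
    normalized = "&".join(f"{k}={v}" for k, v in sorted((pct(k), pct(v)) for k, v in pairs))
    return "&".join([method.upper(), pct(base_url), pct(normalized)])


def hmac_sha1(base, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string; the key is '<consumer secret>&<token secret>'."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode("ascii")
    return base64.b64encode(hmac.new(key, base.encode("ascii"), hashlib.sha1).digest()).decode("ascii")


def sign_request(method, url, consumer, token=None, body="", nonce=None, timestamp=None, **extra):
    """Client side: build and sign the oauth_* parameters for one request.

    consumer and token are (identifier, shared secret) pairs; token is None on leg 1.
    extra carries oauth_callback (leg 1) or oauth_verifier (leg 3). nonce and
    timestamp are overridable only so that the example is reproducible.
    """
    params = {
        "oauth_consumer_key": consumer[0],
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(int(time.time()) if timestamp is None else timestamp),
        "oauth_nonce": secrets.token_hex(8) if nonce is None else nonce,
        **extra,
    }
    if token:
        params["oauth_token"] = token[0]
    params["oauth_signature"] = hmac_sha1(base_string(method, url, params, body), consumer[1], token[1] if token else "")
    return params


def verify_request(method, url, params, body, store, now=None, max_skew=300):
    """Server side: recompute the signature from stored secrets and compare in constant time.

    store (hypothetical layout) is {"consumers": {key: secret}, "tokens": {token: secret}, "nonces": set()}.
    Rejects unknown consumers or tokens, stale timestamps, reused nonces and bad signatures.
    """
    try:
        consumer_secret = store["consumers"][params["oauth_consumer_key"]]
        token_secret = store["tokens"][params["oauth_token"]] if "oauth_token" in params else ""
        stamp = int(params["oauth_timestamp"])
        nonce_key = (params["oauth_consumer_key"], stamp, params["oauth_nonce"])
        claimed = params["oauth_signature"]
    except (KeyError, ValueError):
        return False
    now = int(time.time()) if now is None else now
    if abs(now - stamp) > max_skew or nonce_key in store["nonces"]:
        return False
    expected = hmac_sha1(base_string(method, url, params, body), consumer_secret, token_secret)
    if not hmac.compare_digest(expected, claimed):
        return False
    store["nonces"].add(nonce_key)  # remember the nonce so the same request cannot be replayed
    return True


def three_legged_flow(now=137131200):
    """Walk the three legs against an in-memory server store; returns the outcome of each step."""
    consumer = ("dpf43f3p2l4k3l03", "kd94hf93k423kf44")  # constructed client credentials
    store = {"consumers": {consumer[0]: consumer[1]}, "tokens": {}, "nonces": set()}
    # Leg 1: temporary credentials, signed with the client credentials only.
    req = sign_request("POST", INITIATE, consumer, oauth_callback="oob", timestamp=now)
    initiate_ok = verify_request("POST", INITIATE, req, "", store, now=now)
    temp = ("hh5s93j4hdidpola", "hdhd0244k9j7ao03")  # issued by the server (constructed)
    store["tokens"][temp[0]] = temp[1]
    # Leg 2: the resource owner approves at AUTHORIZE; the server hands back a verifier.
    verifier = "hfdp7dh39dks9884"  # constructed
    # Leg 3: temporary credentials plus verifier are exchanged for token credentials.
    req = sign_request("POST", TOKEN_URI, consumer, temp, oauth_verifier=verifier, timestamp=now)
    token_ok = verify_request("POST", TOKEN_URI, req, "", store, now=now)
    del store["tokens"][temp[0]]  # temporary credentials are single-use
    access = ("nnch734d00sl2jdk", "pfkkdhi9sl3r4s00")  # constructed token credentials
    store["tokens"][access[0]] = access[1]
    # Protected resource: signed with client + token credentials; the password never travels.
    req = sign_request("GET", RESOURCE, consumer, access, timestamp=now)
    resource_ok = verify_request("GET", RESOURCE, req, "", store, now=now)
    replay_ok = verify_request("GET", RESOURCE, req, "", store, now=now)  # same nonce again
    # Revocation: the resource owner revokes at the server; the client's next call is refused.
    del store["tokens"][access[0]]
    req = sign_request("GET", RESOURCE, consumer, access, timestamp=now)
    revoked_ok = verify_request("GET", RESOURCE, req, "", store, now=now)
    return {"initiate": initiate_ok, "token": token_ok, "resource": resource_ok,
            "replay": replay_ok, "after_revoke": revoked_ok}
```

The server never needs the user's password at any leg: it checks the consumer key and token against what it stored when it issued them, and the HMAC proves the client holds both shared secrets. Deleting the token row is all that revocation takes, which is why the post's "just go to the Server and revoke it" works without touching the client.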