abhi's logbook

Adventures in coding and coding for adventures.

OAuth

Pieces

Resource Owner -> Client -> Server

A resource owner wants to give a middle man (the Client) access to information
he owns on a remote server. The whole model is predicated on never giving the
Client the user's username/password. This also means that the Resource Owner
can revoke the Client's access to the Server's resources just by going to the
Server and revoking it.

Credentials and Tokens

  • Consumer key and secret (client credentials). Used to authenticate
    the client with the server. This means that there is a unique key
    and secret that the server also keeps. This allows the server to
    validate what access to give the client and revoke access if need be.

    This is how it is laid out for Servio as it relates to talking with
    Salesforce:

    kwai.oauths        ez.ez_applications
    consumer_key       shared_key
    consumer_secret    secret_key (encrypted_secret_key)
    callback
  • access token and secret (token credentials). Used to validate the user
    (resource owner) with the server without giving up the user
    credentials (username/password) to the client.

    This means that the resource owner specifies on the server what
    permissions it is willing to give the client. The server holds on to
    these permissions and allows the client to only act within the
    permissions that the user gives it.

    kwai.oauths        ez_apps_user_accesses
    access_token       request_shared_key
    access_secret      secret_key (encrypted_secret_key)
                       shared_key
  • request token and secret (temporary credentials)
    These are used to verify the user requests.

    This associates the user to an access. So instead of
    passing around an access token we pass a request token, which
    is more temporary and can be changed based on when access
    is dealt.

    kwai.oauths        ez_apps_user_requests                OAuth Terminology
    request_token      request_shared_key                   oauth_token
    request_secret     secret_key (encrypted_secret_key)    oauth_verifier
                       shared_key

Request URLs

  • Temporary Credential Request URI:
    https://photos.example.net/initiate

  • Resource Owner Authorization URI:
    https://photos.example.net/authorize

  • Token Request URI:
    https://photos.example.net/token
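As an added illustration (not code from the original post), here is a small in-memory model of the three exchanges above: the client signs each request with HMAC-SHA1 keyed by the consumer secret (plus the temporary secret on the token request), so the server can authenticate the client without ever seeing the resource owner's password, and the owner can revoke at the server alone. The `Server` class, `client_request` and the credential formats are assumptions; only the endpoint URLs come from the page.

```python
import base64, hashlib, hmac, secrets, time, urllib.parse

# The endpoints are the page's; the client, server and credential formats are assumptions.
INITIATE = "https://photos.example.net/initiate"
TOKEN = "https://photos.example.net/token"

def pct(s):  # RFC 5849 section 3.6 percent-encoding
    return urllib.parse.quote(str(s), safe="-._~")

def sign(url, params, consumer_secret, token_secret=""):
    # HMAC-SHA1 over the normalized POST: both secrets stay put, only the signature travels
    norm = "&".join(f"{pct(k)}={pct(v)}" for k, v in sorted(params.items()))
    base = "&".join(["POST", pct(url), pct(norm)])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def client_request(url, ckey, csecret, token="", tsecret="", **extra):
    # What the client (consumer) sends: its key, a nonce and timestamp, and a signature
    p = {"oauth_consumer_key": ckey, "oauth_nonce": secrets.token_hex(8),
         "oauth_timestamp": str(int(time.time())), **extra}
    if token: p["oauth_token"] = token
    p["oauth_signature"] = sign(url, p, csecret, tsecret)
    return p

class Server:
    def __init__(self, clients):  # consumer_key -> consumer_secret, registered out of band
        self.clients, self.temp, self.access = dict(clients), {}, {}
    def _verified(self, url, p, tsecret=""):
        sig = p.pop("oauth_signature", "")
        secret = self.clients.get(p.get("oauth_consumer_key"), "")
        return hmac.compare_digest(sig, sign(url, p, secret, tsecret))
    def initiate(self, p):  # client credentials -> temporary credentials
        if not self._verified(INITIATE, p): return None
        tok, sec = secrets.token_hex(8), secrets.token_hex(8)
        self.temp[tok] = {"secret": sec, "client": p["oauth_consumer_key"], "verifier": None}
        return tok, sec
    def authorize(self, request_token):  # the resource owner approves on the server itself
        self.temp[request_token]["verifier"] = v = secrets.token_hex(4)
        return v
    def token(self, p):  # temporary credentials + verifier -> token credentials
        t = self.temp.pop(p.get("oauth_token"), None)  # a request token is single-use
        if not t or not self._verified(TOKEN, p, t["secret"]) or p.get("oauth_verifier") != t["verifier"]:
            return None
        tok, sec = secrets.token_hex(8), secrets.token_hex(8)
        self.access[tok] = {"secret": sec, "client": t["client"]}
        return tok, sec
    def revoke(self, access_token):  # the owner revokes at the server; the client is just cut off
        self.access.pop(access_token, None)
```

Run the dance as initiate, authorize, token, and then revoke: a wrong consumer secret, a reused request token or a wrong verifier all come back as None from the server.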