abhi's logbook

Adventures in coding and coding for adventures.



Resource Owner -> Client -> Server

A resource owner wants to give a middle man (the client) access to information he owns on a remote server. The whole model is predicated on never giving the client the user's username/password. This also means that the resource owner can revoke the client's access to the server's resources just by going to the server and revoking it there.

Credentials and Tokens

  • Consumer key and secret (client credentials). Used to authenticate the client with the server. The server keeps its own copy of each client's unique key and secret, which lets it decide what access to give the client and revoke that access if need be.

    This is how it is laid out for Servio as it relates to talking with Salesforce:

    kwai.oauths        ez.ez_applications
    consumer_key       shared_key
    consumer_secret    secret_key (encrypted_secret_key)

  • Access token and secret (token credentials). Used to validate the user (resource owner) with the server without giving up the user's credentials (username/password) to the client.

    This means that the resource owner specifies on the server what permissions it is willing to give the client. The server holds on to these permissions and allows the client to act only within the permissions the user has given it.

    kwai.oauths        ez_apps_user_accesses
    access_token       request_shared_key
    access_secret      secret_key (encrypted_secret_key)

  • Request token and secret (temporary credentials). These are used to verify the user's authorization request.

    This associates the user with an access. So instead of passing around an access token, we pass a request token, which is temporary and is replaced once access has been granted.

    kwai.oauths        ez_apps_user_requests    OAuth terminology
    request_token      request_shared_key       oauth_token
    request_secret     secret_key (encrypted_secret_key)    oauth_verifier

Request URLs

  • Temporary Credential Request URI: https://photos.example.net/initiate

  • Resource Owner Authorization URI: https://photos.example.net/authorize

  • Token Request URI: https://photos.example.net/token
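The flow in "Credentials and Tokens" and the three request URLs above, worked through as a small in-memory simulation. This is an added example, not Servio's or Salesforce's code: the `Server` and `Client` classes, the dict names mirroring the ez_applications / ez_apps_user_requests / ez_apps_user_accesses tables, and the constructed user "alice" are all assumptions. The signing key (consumer secret and token secret joined by `&`, HMAC-SHA1) follows RFC 5849, but the message being signed is a simplified stand-in for the real signature base string.

```python
"""Three-legged OAuth 1.0 flow simulation (added example, not project code)."""
import base64
import hashlib
import hmac
import secrets
from urllib.parse import quote


def sign(message, consumer_secret, token_secret=""):
    """HMAC-SHA1 keyed as in RFC 5849 3.4.2: consumer secret '&' token secret.
    The message here stands in for the full signature base string (simplified)."""
    key = f"{quote(consumer_secret, safe='')}&{quote(token_secret, safe='')}".encode()
    return base64.b64encode(hmac.new(key, message.encode(), hashlib.sha1).digest()).decode()


class Server:
    """The server: the only party that ever sees the resource owner's password."""

    def __init__(self):
        self.users = {}          # username -> password hash (resource owners)
        self.applications = {}   # shared_key -> secret_key       (client credentials)
        self.user_requests = {}  # request token -> record        (temporary credentials)
        self.user_accesses = {}  # access token -> record         (token credentials)

    def register_user(self, username, password):
        self.users[username] = hashlib.sha256(password.encode()).hexdigest()

    def register_client(self):
        shared_key, secret_key = secrets.token_hex(8), secrets.token_hex(16)
        self.applications[shared_key] = secret_key
        return shared_key, secret_key

    def initiate(self, shared_key):
        """/initiate: issue temporary credentials to a known client."""
        if shared_key not in self.applications:
            raise PermissionError("unknown client")
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.user_requests[token] = {"secret": secret, "client": shared_key, "user": None, "verifier": None}
        return token, secret

    def authorize(self, request_token, username, password):
        """/authorize: the resource owner logs in *at the server* and approves the request."""
        req = self.user_requests[request_token]
        if self.users.get(username) != hashlib.sha256(password.encode()).hexdigest():
            raise PermissionError("bad login")
        req["user"], req["verifier"] = username, secrets.token_hex(4)
        return req["verifier"]  # the client gets the verifier back, never the password

    def token(self, shared_key, request_token, verifier):
        """/token: trade temporary credentials plus verifier for token credentials."""
        req = self.user_requests.pop(request_token, None)  # one-shot: temporary credentials are consumed
        if (req is None or req["client"] != shared_key or req["verifier"] is None
                or not hmac.compare_digest(req["verifier"], verifier)):
            raise PermissionError("invalid temporary credentials")
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.user_accesses[token] = {"secret": secret, "client": shared_key, "user": req["user"]}
        return token, secret

    def revoke(self, username):
        """The resource owner revokes at the server; nothing the client holds changes."""
        self.user_accesses = {t: a for t, a in self.user_accesses.items() if a["user"] != username}

    def photos(self, shared_key, access_token, signature):
        """A protected resource: token must be live and the request signed with both secrets."""
        acc = self.user_accesses.get(access_token)
        if acc is None or acc["client"] != shared_key:
            raise PermissionError("token unknown or revoked")
        expected = sign("GET /photos", self.applications[shared_key], acc["secret"])
        if not hmac.compare_digest(expected, signature):
            raise PermissionError("bad signature")
        return f"photos of {acc['user']}"


class Client:
    """The client holds only its own credentials and whatever tokens the server issues."""

    def __init__(self, shared_key, secret_key):
        self.shared_key, self.secret_key = shared_key, secret_key
        self.access = None

    def obtain_access(self, server, resource_owner_login):
        """resource_owner_login is the user's own trip to /authorize; the client never sees the password."""
        request_token, _request_secret = server.initiate(self.shared_key)
        verifier = resource_owner_login(request_token)
        self.access = server.token(self.shared_key, request_token, verifier)

    def fetch_photos(self, server):
        access_token, access_secret = self.access
        return server.photos(self.shared_key, access_token, sign("GET /photos", self.secret_key, access_secret))


def run_flow():
    """Constructed walk-through: alice authorizes, the client fetches, alice revokes, the client fails."""
    server = Server()
    server.register_user("alice", "correct horse battery staple")  # constructed sample user
    client = Client(*server.register_client())
    # Alice types her password on the server's /authorize page, not into the client.
    client.obtain_access(server, lambda tok: server.authorize(tok, "alice", "correct horse battery staple"))
    before = client.fetch_photos(server)
    server.revoke("alice")
    try:
        client.fetch_photos(server)
        after = "still allowed"
    except PermissionError as exc:
        after = str(exc)
    return before, after, len(server.user_requests)
```

The three server methods correspond to the three URIs listed above, and the returned tuple shows the two properties the post is built on: the client never handles the password, and revocation takes effect at the server without the client's cooperation. The third element confirms the temporary credentials are consumed by the /token exchange.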