Cover by Subbu Allamaraju


12.3. How to Use Three-Legged OAuth

OAuth (http://oauth.net) is a delegated authorization protocol developed in 2007. Using this protocol, a user can let a client access her data on a server without revealing her credentials to that client. The OAuth flow is called three-legged because three parties take part in it: the service provider (i.e., the server), the OAuth consumer (i.e., the client), and the user.

OAuth's three-legged protocol is applicable whenever a client would like to access a given user's resources on a server. For instance, users of Twitter, Yahoo!, Google, Netflix, etc., use the OAuth protocol to grant third-party tools access to their data, so that those tools can read a user's data without asking the user to share credentials such as a username and password. Implementations of this protocol are available in most programming languages.

Problem

You want to know how to implement the three-legged OAuth protocol.

Solution

Figure 12-1 shows the role of the OAuth protocol. At the start of the protocol, the server identifies the client by a consumer key and shares a consumer secret with it. Once a user authorizes the client to access her resources, an access token serves as the identifier and a token secret as the shared secret for requests to the user's protected resources.

Figure 12-1. Role of the three-legged OAuth flow
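The following is an added example, not code from the book or from any OAuth library, that walks through the three legs described above with both sides in one file: the consumer signs each request with HMAC-SHA1 keyed by the consumer secret (and, once it has one, the token secret), and a toy service provider verifies the signature, issues a request token, lets the user authorize it, exchanges it for an access token, and finally serves the protected resource. The consumer key, consumer secret, hostname `provider.example`, the `/oauth/...` and `/me/data` paths, and the user `alice` are all constructed for the example. The provider side also shows the two checks a real implementation needs beyond the signature itself: the nonce/timestamp replay cache and a constant-time comparison of the signature and verifier.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote, urlsplit

# Constructed credentials and hostname for this example; not real keys or a real provider.
CONSUMER_KEY = "example-consumer-key"
CONSUMER_SECRET = "example-consumer-secret"
BASE = "https://provider.example"


def pct(value):
    """RFC 5849 percent-encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    """METHOD & encoded base URL & encoded, sorted 'k=v' pairs (query params go in `params`)."""
    u = urlsplit(url)
    base_url = f"{u.scheme.lower()}://{u.hostname.lower()}{u.path}"
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    return "&".join([method.upper(), pct(base_url), pct("&".join(f"{k}={v}" for k, v in pairs))])


def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 keyed with 'consumer_secret&token_secret'; the token secret is empty in leg 1."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()


def client_request(method, url, extra, token=None, token_secret=""):
    """What the consumer (client) sends: the oauth_* parameters plus the signature."""
    params = {"oauth_consumer_key": CONSUMER_KEY, "oauth_signature_method": "HMAC-SHA1",
              "oauth_timestamp": str(int(time.time())), "oauth_nonce": secrets.token_hex(8),
              "oauth_version": "1.0", **extra}
    if token:
        params["oauth_token"] = token
    params["oauth_signature"] = sign(method, url, params, CONSUMER_SECRET, token_secret)
    return params


class Provider:
    """Toy service provider: verifies signatures, issues and redeems tokens."""
    def __init__(self):
        self.consumers = {CONSUMER_KEY: CONSUMER_SECRET}
        self.tokens = {}          # token -> {"secret", "consumer", "kind", "user", "verifier"}
        self.seen_nonces = set()  # (consumer key, timestamp, nonce): rejects replayed requests
        self.data = {"alice": "alice's private data"}

    def verify(self, method, url, params):
        consumer_secret = self.consumers.get(params.get("oauth_consumer_key"))
        if consumer_secret is None or params.get("oauth_signature_method") != "HMAC-SHA1":
            return False
        token_secret = ""
        if "oauth_token" in params:
            rec = self.tokens.get(params["oauth_token"])
            if rec is None or rec["consumer"] != params["oauth_consumer_key"]:
                return False
            token_secret = rec["secret"]
        try:  # replay protection: fresh timestamp and a nonce not seen before
            if abs(time.time() - int(params["oauth_timestamp"])) > 300:
                return False
            nonce_key = (params["oauth_consumer_key"], params["oauth_timestamp"], params["oauth_nonce"])
        except (KeyError, ValueError):
            return False
        if nonce_key in self.seen_nonces:
            return False
        unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
        expected = sign(method, url, unsigned, consumer_secret, token_secret)
        if not hmac.compare_digest(expected, params.get("oauth_signature", "")):
            return False
        self.seen_nonces.add(nonce_key)
        return True

    def _issue(self, kind, consumer, user=None):
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.tokens[token] = {"secret": secret, "consumer": consumer, "kind": kind, "user": user}
        return token, secret

    def request_token(self, params):  # leg 1: signed with the consumer secret only
        if "oauth_token" in params or not self.verify("POST", BASE + "/oauth/request_token", params):
            return None
        return self._issue("request", params["oauth_consumer_key"])

    def authorize(self, token, user):  # leg 2: the user approves in the browser
        rec = self.tokens.get(token)
        if rec is None or rec["kind"] != "request":
            return None
        rec["user"], rec["verifier"] = user, secrets.token_hex(4)
        return rec["verifier"]

    def access_token(self, params):  # leg 3: request token + verifier -> access token
        if "oauth_token" not in params or not self.verify("POST", BASE + "/oauth/access_token", params):
            return None
        rec = self.tokens.pop(params["oauth_token"])  # request tokens are single use
        if rec["kind"] != "request" or rec["user"] is None:
            return None
        if not hmac.compare_digest(rec["verifier"], params.get("oauth_verifier", "")):
            return None
        return self._issue("access", rec["consumer"], rec["user"])

    def resource(self, params):  # protected resource: requires an access token
        if "oauth_token" not in params or not self.verify("GET", BASE + "/me/data", params):
            return None
        rec = self.tokens[params["oauth_token"]]
        return self.data[rec["user"]] if rec["kind"] == "access" else None


def run_flow(user="alice"):
    """Drive all three legs; return (resource data, result of replaying the same signed request)."""
    p = Provider()
    rt, rts = p.request_token(client_request("POST", BASE + "/oauth/request_token", {"oauth_callback": "oob"}))
    verifier = p.authorize(rt, user)
    at, ats = p.access_token(client_request("POST", BASE + "/oauth/access_token", {"oauth_verifier": verifier}, rt, rts))
    req = client_request("GET", BASE + "/me/data", {}, at, ats)
    return p.resource(req), p.resource(req)
```

Running `run_flow()` returns the user's data for the first signed request and `None` for the identical request replayed, because the provider remembers the nonce. The request token is popped when it is exchanged, so it cannot be redeemed twice, and a request token that the user never authorized has no verifier and is refused at leg 3.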
