OAuth (http://oauth.net) is a delegated authorization protocol developed in 2007. Using this protocol, a user can let a client access her data on a server without revealing her credentials to that client. The protocol is called three-legged because three parties take part in it: the service provider (i.e., the server), the OAuth consumer (i.e., the client), and the user.
OAuth’s three-legged protocol is applicable whenever a client would like to access a given user’s resources available on a server. For instance, users of Twitter, Yahoo!, Google, Netflix, etc., use the OAuth protocol to grant access to their data to third-party tools so that those tools can access a user’s data without asking users to share their credentials such as username and password. Implementations of this protocol are available in most programming languages.
You want to know how to implement the three-legged OAuth protocol.
Figure 12-1 shows the role of the OAuth protocol. At the start of the protocol, the server uses a “consumer key” as an identifier for the client and a “consumer secret” as a shared secret. Once a user authorizes the client to access her resources, the server uses an “access token” as an identifier and a “token secret” as a shared secret to access the user's protected resources.
Figure 12-1. Role of the three-legged ...
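The roles just described, carried through all three legs as an added, self-contained simulation (this is not the book's code). Both the service provider and the consumer are modelled in one file so the exchange runs offline; the consumer key and secret, the endpoint URLs, the callback URL and the user "alice" are constructed values. Signing follows the OAuth 1.0a HMAC-SHA1 scheme from RFC 5849: the consumer secret is the shared secret for the first leg, and the token secret joins it once a request token or access token is in play.

```python
"""Constructed simulation of the OAuth 1.0a three-legged flow (RFC 5849).
Not the book's code; all keys, secrets, URLs and users are made up here."""
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

REQ_URL = "https://provider.example/oauth/request_token"   # hypothetical
ACC_URL = "https://provider.example/oauth/access_token"    # hypothetical
RES_URL = "https://provider.example/api/me"                # hypothetical
CALLBACK = "https://consumer.example/oauth/callback"       # hypothetical

def pct(s):
    # RFC 3986 percent-encoding: only unreserved characters stay bare
    return quote(str(s), safe="-._~")

def base_string(method, url, params):
    # Encode keys/values, sort by key then value, join with '&'; then join
    # METHOD & url & normalized-params, each part percent-encoded
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    norm = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(norm)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # Signing key = consumer secret & token secret (empty before a token exists)
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

class ServiceProvider:
    def __init__(self, consumers):
        self.consumers = consumers        # consumer key -> consumer secret
        self.request_tokens = {}          # token -> state of the temporary credential
        self.access_tokens = {}           # token -> {secret, consumer, user}
        self.seen_nonces = set()          # (consumer, nonce, timestamp) already accepted

    def _verify(self, method, url, params, token_secret=""):
        params = dict(params)
        given = params.pop("oauth_signature", "")
        secret = self.consumers.get(params.get("oauth_consumer_key"))
        if secret is None:
            raise PermissionError("unknown consumer key")
        if abs(time.time() - int(params["oauth_timestamp"])) > 300:
            raise PermissionError("stale timestamp")
        nonce = (params["oauth_consumer_key"], params["oauth_nonce"], params["oauth_timestamp"])
        if nonce in self.seen_nonces:
            raise PermissionError("replayed nonce")
        expected = sign(method, url, params, secret, token_secret)
        if not hmac.compare_digest(expected, given):
            raise PermissionError("bad signature")
        self.seen_nonces.add(nonce)       # record only after the signature checks out

    def request_token(self, params):      # leg 1: consumer key/secret identify the client
        self._verify("POST", REQ_URL, params)
        tok, sec = secrets.token_hex(8), secrets.token_hex(16)
        self.request_tokens[tok] = {"secret": sec, "consumer": params["oauth_consumer_key"],
                                    "callback": params["oauth_callback"], "verifier": None, "user": None}
        return {"oauth_token": tok, "oauth_token_secret": sec, "oauth_callback_confirmed": "true"}

    def authorize(self, token, user):     # leg 2: the user approves at the provider
        entry = self.request_tokens[token]
        entry["user"], entry["verifier"] = user, secrets.token_hex(4)
        return entry["callback"], entry["verifier"]   # verifier travels back on the callback

    def access_token(self, params):       # leg 3: swap the authorized request token
        entry = self.request_tokens.pop(params.get("oauth_token"), None)
        if entry is None or entry["verifier"] is None:
            raise PermissionError("request token missing or not authorized")
        if entry["consumer"] != params.get("oauth_consumer_key"):
            raise PermissionError("request token belongs to another consumer")
        self._verify("POST", ACC_URL, params, entry["secret"])
        if not hmac.compare_digest(entry["verifier"], params.get("oauth_verifier", "")):
            raise PermissionError("bad verifier")
        tok, sec = secrets.token_hex(8), secrets.token_hex(16)
        self.access_tokens[tok] = {"secret": sec, "consumer": entry["consumer"], "user": entry["user"]}
        return {"oauth_token": tok, "oauth_token_secret": sec}

    def protected_resource(self, params): # access token/secret now identify the grant
        entry = self.access_tokens.get(params.get("oauth_token"))
        if entry is None:
            raise PermissionError("unknown access token")
        self._verify("GET", RES_URL, params, entry["secret"])
        return f"private data of {entry['user']}"

class Consumer:
    def __init__(self, key, secret):
        self.key, self.secret = key, secret

    def signed(self, method, url, extra, token="", token_secret=""):
        # Build the oauth_* parameter set and attach the HMAC-SHA1 signature
        p = {"oauth_consumer_key": self.key, "oauth_nonce": secrets.token_hex(8),
             "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": str(int(time.time())),
             "oauth_version": "1.0", **extra}
        if token:
            p["oauth_token"] = token
        p["oauth_signature"] = sign(method, url, p, self.secret, token_secret)
        return p

def three_legged_flow(provider, consumer, user="alice"):
    rt = provider.request_token(consumer.signed("POST", REQ_URL, {"oauth_callback": CALLBACK}))
    _cb, verifier = provider.authorize(rt["oauth_token"], user)
    at = provider.access_token(consumer.signed("POST", ACC_URL, {"oauth_verifier": verifier},
                                               rt["oauth_token"], rt["oauth_token_secret"]))
    return provider.protected_resource(consumer.signed("GET", RES_URL, {},
                                                       at["oauth_token"], at["oauth_token_secret"]))

if __name__ == "__main__":
    sp = ServiceProvider({"client-key-123": "client-secret-abc"})   # constructed credentials
    print(three_legged_flow(sp, Consumer("client-key-123", "client-secret-abc")))
```

The provider never sees the user's password: it checks each request against the consumer secret (leg 1) or the consumer secret plus the current token secret (legs 3 and beyond), rejects stale timestamps and repeated nonces, and only issues an access token once the verifier from the user's approval comes back with the signed exchange.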