oauth 1.0 notes

oAuth 1.0 flow

A good explanation image from oauth.net:

oAuth flow

Flow description:

  • Consumer has Consumer Key and Consumer Secret (shared secret)
  • A) Consumer requests Request Token
    • call get_request_token from Service Provider, send
      • oauth_consumer_key
      • oauth_signature_method
      • oauth_signature
      • here oauth_signature - is signature of the request created using Consumer Secret, simplified example:
      • $signature = md5($request_text . $consumer_secret)
      • both sides (Consumer and Service Provider) knows consumer_secret and able to perform this operation, so Service Provider can check whether signature is valid
  • B) Service provider returns Request Token
    • oauth_token
    • oauth_token_secret
  • C) Consumer redirects User to Service Provider
    • oauth_token (request token from B)
  • D) User confirms access and Service Provider redirects User to Consumer
    • oauth_token (request token from B)
    • oauth_verifier (request token verifier)
  • E) Consumer requests Access Token
    • call get_access_token, send
      • oauth_consumer_key
      • oauth_token (request token from B)
      • oauth_signature_method
      • oauth_signature
      • oauth_verifier
    • here oauth_signature - is signature of the request created using request token secret from B
    • note, that on step A Consumer uses his Consumer Secret to sign the request and here he use request token secret
  • F) Service provider grants Access Token
    • oauth_token
    • oauth_token_secret
  • G) Consumer Accesses Protected Resources
    • request includes
      • oauth_consumer_key
      • oauth_token (request token from F)
      • oauth_signature_method
      • oauth_signature
      • here oauth_signature created using Access Token secret



oauth guide


introducion to oauth

habrahabr, in russian

yii implementations

eauth extension

eoauth extension

api module extension

php implementations

list of libraries on oauth.net

list of libraries on twitter.com

php extension

oauth php project

oauth project


profile for Boris Serebrov on Stack Exchange, a network of free, community-driven Q&A sites