668
edits
Changes
→Establishing Credentials
* a user interacting with a data consumer decides to connect it to her data host, triggering the consumer to redirect the user to the data host with a permission request.
* the user is prompted to approve the request from the specified data consumer, at which point the data host redirects the user's browser to the data consumer with a confirmation code.
* the data consumer makes an API call to the data host, authenticated with the consumer's credentials, exchanging the confirmation code for an <tt>access_token</tt> (and, in OAuth 1.0, an <tt>access_token_secret</tt>).