Confirm
927
edits
Changes
→Flow
* the client saves the node location and oauth parameters to use in subsequent requests. [6]
* for each subsequent request to the Service, the client calculates a special Authorization header using two-legged OAuth [7] and sends the request to the allocated node location [8] along with the metadata token if provided, in an ''X-App-Metadata''.
POST /request HTTP/1.1
Host: some.node.services.mozilla.com
Authorization: OAuth realm="Example",
oauth_consumer_key=<auth-token>
oauth_signature_method="HMAC-SHA1",
oauth_nonce="7d8f3e4a",
oauth_signature="bYT5CMsGcbgUdFHObYMEfcx6bsw%3D"
X-App-Metadata: <metadata-token>
* the node uses the Signing Secret to validate the Auth Token [9]. If invalid or expired then the node returns a 401
