668
edits
Privacy/BestPractices/OAuth: Difference between revisions
→Central OAuth Pattern
| Line 9: | Line 9: | ||
* authenticating API calls: the consumer uses credentials to authenticate its API calls against the data host. | * authenticating API calls: the consumer uses credentials to authenticate its API calls against the data host. | ||
=== | === Establishing Credentials === | ||
There are a number of variations on the central OAuth theme, especially when it comes to establishing credentials. | |||
* the consumer registers with the data host and obtains a <tt>consumer_key</tt>, which is considered public, and a <tt>consumer_secret</tt>, which should be kept private. | * the consumer registers with the data host and obtains a <tt>consumer_key</tt>, which is considered public, and a <tt>consumer_secret</tt>, which should be kept private. | ||
* a user interacting with a data consumer decides to connect it to her data host, triggering the consumer to redirect the user to the data host with a permission request. | |||
* Making API Calls | * the user is prompted to approve the request from the specified data consumer, at which point the data host redirects the user's browser to the data consumer with a confirmation code. | ||
* the data consumer makes a direct API call to | |||
=== Making API Calls === | |||
=== Differences between OAuth 1.0 and 2.0 === | === Differences between OAuth 1.0 and 2.0 === | ||