canmove, Confirmed users
1,173
edits
CloudServices/Sync/FxSync/Archived/OAuth: Difference between revisions
CloudServices/Sync/FxSync/Archived/OAuth (view source)
Revision as of 20:11, 19 November 2013
, 19 November 2013Telliott moved page Services/Sync/FxSync/Archived/OAuth to CloudServices/Sync/FxSync/Archived/OAuth
No edit summary |
m (Telliott moved page Services/Sync/FxSync/Archived/OAuth to CloudServices/Sync/FxSync/Archived/OAuth) |
||
| (2 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
Back to [[Labs/Weave]]. | Back to [[Labs/Weave]]. | ||
== Introduction == | == Introduction == | ||
| Line 23: | Line 21: | ||
3. The Consumer then exchanges that Reqeust Token for an Access Token that it can then use to access the protected resources at the Service Provider. | 3. The Consumer then exchanges that Reqeust Token for an Access Token that it can then use to access the protected resources at the Service Provider. | ||
== API == | |||
1. Consumer registers with services.mozilla.com, providing a public RSA key. The consumer is subsequently assigned a consumer key and secret. | |||
2. GET https://services.mozilla.com/api/oauth/request?oauth_consumer_key=key&oauth_signature_method=PLAINTEXT&oauth_signature=sig&oauth_timestamp=time&oauth_nonce=nonce | |||
assigns the consumer an unauthorized request token and secret: | |||
oauth_token=token&oauth_token_secret=secret | |||
3. Consumer redirects user to https://services.mozilla.com/api/oauth/authorize?oauth_token=req&oauth_callback=foo | |||
The callback is optional, but if it is provided, the user will be redirected to it at the end of the authorization process along with a single GET parameter: oauth_token | |||
Note that the authorization process can only be performed by the user in Firefox with Weave installed. | |||
4. GET https://services.mozilla.com/api/oauth/exchange?oauth_consumer_key=key&oauth_token=req&oauth_signature_method=PLAINTEXT&oauth_timestamp=time&oauth_nonce=nonce | |||
exchanges a (now authorized) request token for an access token. | |||
5. Consumer uses acquired access token to access resources on behalf of the user. The URIs to access data are the same as always, with the exception of the Authorization header which will now contain OAuth parameters instead of HTTP BASIC auth. | |||
== Flowchart == | |||
In the success case, the flow would bascially be as follows: | In the success case, the flow would bascially be as follows: | ||