My war is winding down with OAuth
Summary of what’s going on with OAuth:
- create a OAuth consumer. Consumer is made up of:
- application key
- application secret
- the url and path to the OAuth provider
- create a request token:
- this makes a call to the provider
- the request token sends the callback URL to the provider
- it seems like this expires pretty quickly (at least with Twitter)
- therefore, I’ll probably hold this in a session
- once returned from the provider, you can redirect to the provider to complete the access
- once access is granted, the provider will return the user to the callback URL you sent
- create the access token:
- this makes a call to the provider
- the user is redirected from the provider to the callback URL
- a querystring variable –
oauth_verifier– is included with the callback URL - the
oauth_verifiervalue is then sent back to the provider - the provider then returns an access token
- the access token can hang around for a while and I’ll save that in the database attached to the User model