Jay, trying to remember...

My war is winding down with OAuth

Summary of what’s going on with OAuth:

  1. create an OAuth consumer. The consumer is made up of:
    • application key
    • application secret
    • the url and path to the OAuth provider
  2. create a request token:
    • this makes a call to the provider
    • the call for the request token sends the callback URL to the provider
    • it seems like this expires pretty quickly (at least with Twitter)
    • therefore, I'll probably hold this in a session
    • once the request token is returned from the provider, you can redirect the user to the provider to complete the access
    • once access is granted, the provider will return the user to the callback URL you sent
  3. create the access token:
    • this makes a call to the provider
    • the user is redirected from the provider to the callback URL
    • a querystring variable - oauth_verifier - is included with the callback URL
    • the oauth_verifier value is then sent back to the provider
    • the provider then returns an access token
    • the access token can hang around for a while and I'll save that in the database attached to the User model
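
The three steps above, played out end to end as an added example (not code from the original post): a constructed in-memory provider stands in for the real one, and the callback handler checks the returned `oauth_token` against the request token held in the session before exchanging it. `FakeProvider`, `callback_params`, `handle_callback` and the 300-second lifetime are hypothetical names and values; request signing, which a real OAuth 1.0a provider requires, is left out.

```ruby
require "securerandom"
require "uri"

# Constructed in-memory stand-in for a provider (hypothetical; no network, no request signing).
class FakeProvider
  REQUEST_TOKEN_TTL = 300 # seconds; assumed value, each provider picks its own

  def initialize(key, secret)
    @key, @secret, @pending = key, secret, {}
  end

  # Step 2: issue a request token and remember the callback URL sent with the call.
  def request_token(key, secret, callback, now: Time.now)
    raise ArgumentError, "unknown consumer" unless [key, secret] == [@key, @secret]
    token = SecureRandom.hex(8)
    @pending[token] = { secret: SecureRandom.hex(8), callback: callback,
                        verifier: nil, expires: now + REQUEST_TOKEN_TTL }
    { token: token, secret: @pending[token][:secret] }
  end

  # The user grants access; the provider returns them to the callback URL.
  def authorize(token)
    entry = @pending.fetch(token)
    entry[:verifier] = SecureRandom.hex(4)
    "#{entry[:callback]}?oauth_token=#{token}&oauth_verifier=#{entry[:verifier]}"
  end

  # Step 3: trade request token + oauth_verifier for an access token (single use).
  def access_token(token, secret, verifier, now: Time.now)
    entry = @pending.delete(token)
    return nil if entry.nil? || entry[:verifier].nil? || now > entry[:expires]
    return nil unless entry[:secret] == secret && entry[:verifier] == verifier
    { token: SecureRandom.hex(8), secret: SecureRandom.hex(8) }
  end
end

# Query-string parameters the provider appended to the callback URL.
def callback_params(url)
  URI.decode_www_form(URI(url).query).to_h
end

# Consumer side of step 3: use the request token held in the session, once.
def handle_callback(provider, session, params, now: Time.now)
  held = session.delete(:request_token)
  return nil if held.nil? || held[:token] != params["oauth_token"]
  provider.access_token(held[:token], held[:secret], params["oauth_verifier"], now: now)
end
```

Because the handler deletes the session entry before doing anything else, a replayed or mismatched callback gets no second attempt with the same request token.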
