OAuth Core 1.0 : Appendix A.2. Obtaining a Request Token : My Translation / Notes


Appendix A.2.  Obtaining a Request Token

After Jane informs printer.example.com that she would like to print her vacation photo stored at photos.example.net, the printer website tries to access the photo and receives HTTP 401 Unauthorized indicating it is private. The Service Provider includes the following header with the response:

              WWW-Authenticate: OAuth realm="http://photos.example.net/"

The Consumer sends the following HTTP POST request to the Service Provider:


The Service Provider checks the signature and replies with an unauthorized Request Token in the body of the HTTP response:


Appendix A.3.  Requesting User Authorization

The Consumer redirects Jane’s browser to the Service Provider User Authorization URL to obtain Jane’s approval for accessing her private photos.


The Service Provider asks Jane to sign-in using her username and password and, if successful, asks her if she approves granting printer.example.com access to her private photos. If Jane approves the request, the Service Provider redirects her back to the Consumer’s callback URL:


Appendix A.4.  Obtaining an Access Token

Now that the Consumer knows Jane approved the Request Token, it asks the Service Provider to exchange it for an Access Token:


The Service Provider checks the signature and replies with an Access Token in the body of the HTTP response:
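
The signature check the Service Provider performs on the Request Token and Access Token requests above, as an added example that is not part of the original page or of the specification text. The page does not show which signature method the requests use, so HMAC-SHA1 (one of the methods OAuth Core 1.0 defines) is assumed; the endpoint path, keys, secrets, nonce and timestamp are constructed sample values.

```python
import base64, hashlib, hmac
from urllib.parse import quote

def enc(value):
    # OAuth 1.0 parameter encoding: only RFC 3986 unreserved characters stay literal.
    return quote(value, safe="-._~")

def signature_base_string(method, url, params):
    # All request parameters except oauth_signature, sorted by encoded name, then value.
    # (A dict is used for brevity, so repeated parameter names are not handled.)
    pairs = sorted((enc(k), enc(v)) for k, v in params.items() if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # Key = consumer secret '&' token secret. The token secret is empty on the
    # Request Token request, because the Consumer holds no token yet.
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()

def verify(method, url, params, consumer_secret, token_secret=""):
    # Service Provider side: recompute the signature and compare in constant time.
    if params.get("oauth_signature_method") != "HMAC-SHA1":
        return False
    expected = sign(method, url, params, consumer_secret, token_secret)
    supplied = params.get("oauth_signature", "")
    return hmac.compare_digest(expected.encode(), supplied.encode())

def demo():
    url = "https://photos.example.net/request_token"  # hypothetical endpoint path
    secret = "constructed-consumer-secret"            # constructed sample value
    req = {                                           # constructed sample request
        "oauth_consumer_key": "constructed-consumer-key",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1700000000",
        "oauth_nonce": "constructed-nonce",
        "oauth_version": "1.0",
    }
    req["oauth_signature"] = sign("POST", url, req, secret)
    accepted = verify("POST", url, req, secret)
    # Any parameter changed after signing must cause the check to fail.
    tampered = dict(req, oauth_consumer_key="other-consumer")
    return accepted, verify("POST", url, tampered, secret)

if __name__ == "__main__":
    print(demo())
```

For the Access Token request the same `verify` call is made with the Request Token's secret as `token_secret`. A real Service Provider also rejects reused nonce and timestamp pairs, which this example leaves out.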


OAuth Core 1.0
