Calling an OAuth 1.0a API from an OAuth 2.0 API

•

1 j'aime•2,144 vues

The document describes how an OAuth 2.0 protected service can call an OAuth 1.0a protected Twitter API. It involves the service obtaining an access token from Twitter by redirecting the user through Twitter's OAuth 1.0a authorization process. The service then uses the access token to call the Twitter API on behalf of the user. When a third-party OAuth 2.0 client calls the service, it provides an access token issued by the service's OAuth 2.0 authorization server to access the user's Twitter data through the intermediate service.

Technologie

Calling an OAuth 1.0a Service from
an OAuth 2.0-protected Service
By Travis Spencer
email@travisspencer.com

Basic Rundown
• You want to call the Twitter API from your own API
• The Twitter service is an OAuth 1.0a Resource Server (RS)
• Twitter has an OAuth 1.0a Authorization Server (AS)
• The Twitter service naturally only trusts it's own AS
• Your service is an OAuth 2 RS and an OAuth 1.0a Twitter client
• You have an OAuth 2 AS
• Your service naturally only trusts your AS
• The Web app that calls your service is an OAuth 2.0 client and must
submit Access Tokens (ATs) emitted by your AS (not Twitter's) when
calling your service
• The Resource Owner (RO) is a Twitter user and will authorize your
service to call the Twitter API to modify their data
• The RO authenticates to your AS using Twitter's OAuth 1.0a AS
• Your AS asks the RO to authorize a third-party client of your service

User indicates that they would like to grant some Web site
access to the resources that your service provides.

Twitter’s
Twitter User
OAuth 1.0a
(RO)
AS

Twitter API
Your OAuth
(OAuth 1.0a
2.0 AS
RS)

Third-party Your API
Web site (OAuth 2.0
(OAuth 2.0 RS/OAuth
Client) 1.0a Client)

User is redirected to your OAuth 2.0 AS.

Twitter’s
Twitter User
OAuth 1.0a
(RO)
AS

Twitter API
Your OAuth
(OAuth 1.0a
2.0 AS
RS)

Third-party Your API
Web site (OAuth 2.0
(OAuth 2.0 RS/OAuth
Client) 1.0a Client)

Your AS gets a Request Token (RT) from Twitter’s AS by
making an authenticated call using your Twitter client key.

Twitter’s
Twitter User
OAuth 1.0a
(RO)
AS

Twitter API
Your OAuth
(OAuth 1.0a
2.0 AS
RS)

Third-party Your API
Web site (OAuth 2.0
(OAuth 2.0 RS/OAuth
Client) 1.0a Client)

Your AS redirects the user to Twitter w/ the RT and a digital
signature.

Twitter’s
Twitter User
OAuth 1.0a
(RO)
AS

Twitter API
Your OAuth
(OAuth 1.0a
2.0 AS
RS)

Third-party Your API
Web site (OAuth 2.0
(OAuth 2.0 RS/OAuth
Client) 1.0a Client)

The user authenticates to Twitter if they don’t have a
session already.

Twitter’s
Twitter User
OAuth 1.0a
(RO)
AS

Twitter API
Your OAuth
(OAuth 1.0a
2.0 AS
RS)

Third-party Your API
Web site (OAuth 2.0
(OAuth 2.0 RS/OAuth
Client) 1.0a Client)

The user grants your API access to Twitter’s API.

Twitter’s
Twitter User
OAuth 1.0a
(RO)
AS

Twitter API
Your OAuth
(OAuth 1.0a
2.0 AS
RS)

Third-party Your API
Web site (OAuth 2.0
(OAuth 2.0 RS/OAuth
Client) 1.0a Client)

Twitter redirects the user to your AS’s callback URL w/ the
RT from before.

Twitter’s
Twitter User
OAuth 1.0a
(RO)
AS

Twitter API
Your OAuth
(OAuth 1.0a
2.0 AS
RS)

Third-party Your API
Web site (OAuth 2.0
(OAuth 2.0 RS/OAuth
Client) 1.0a Client)

Your AS exchanges the RT for an Access Token (AT) and
stores/associates this with the user.

Twitter’s
Twitter User
OAuth 1.0a
(RO)
AS

Twitter API
Your OAuth
(OAuth 1.0a
2.0 AS
RS)

Third-party Your API
Web site (OAuth 2.0
(OAuth 2.0 RS/OAuth
Client) 1.0a Client)

Your AS redirects the user with an Access Code (AC) to the
callback URL of the third-party consumer of your API.

Twitter’s
Twitter User
OAuth 1.0a
(RO)
AS

Twitter API
Your OAuth
(OAuth 1.0a
2.0 AS
RS)

Third-party Your API
Web site (OAuth 2.0
(OAuth 2.0 RS/OAuth
Client) 1.0a Client)

The client exchanges the AC for a new AT specific to your
API by authenticating w/ the client key you gave them.

Twitter’s
Twitter User
OAuth 1.0a
(RO)
AS

Twitter API
Your OAuth
(OAuth 1.0a
2.0 AS
RS)

Third-party Your API
Web site (OAuth 2.0
(OAuth 2.0 RS/OAuth
Client) 1.0a Client)

The client calls your API with an AT from your AS.

Twitter’s
Twitter User
OAuth 1.0a
(RO)
AS

Twitter API
Your OAuth
(OAuth 1.0a
2.0 AS
RS)

Third-party Your API
Web site (OAuth 2.0
(OAuth 2.0 RS/OAuth
Client) 1.0a Client)

Your API looks up the Twitter AT by submitting the one
presented to your API.

Twitter’s
Twitter User
OAuth 1.0a
(RO)
AS

Twitter API
Your OAuth
(OAuth 1.0a
2.0 AS
RS)

Third-party Your API
Web site (OAuth 2.0
(OAuth 2.0 RS/OAuth
Client) 1.0a Client)

Your API calls the Twitter API using the previously granted
access.

Twitter’s
Twitter User
OAuth 1.0a
(RO)
AS

Twitter API
Your OAuth
(OAuth 1.0a
2.0 AS
RS)

Third-party Your API
Web site (OAuth 2.0
(OAuth 2.0 RS/OAuth
Client) 1.0a Client)

The Twitter data is used and your API returns the results.

Twitter’s
Twitter User
OAuth 1.0a
(RO)
AS

Twitter API
Your OAuth
(OAuth 1.0a
2.0 AS
RS)

Third-party Your API
Web site (OAuth 2.0
(OAuth 2.0 RS/OAuth
Client) 1.0a Client)

Contenu connexe

Dernier

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

The Digital Insurer

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

With more memory available, system performance of three Dell devices increased, which can translate to a better user experience Conclusion When your system has plenty of RAM to meet your needs, you can efficiently access the applications and data you need to finish projects and to-do lists without sacrificing time and focus. Our test results show that with more memory available, three Dell PCs delivered better performance and took less time to complete the Procyon Office Productivity benchmark. These advantages translate to users being able to complete workflows more quickly and multitask more easily. Whether you need the mobility of the Latitude 5440, the creative capabilities of the Precision 3470, or the high performance of the OptiPlex Tower Plus 7010, configuring your system with more RAM can help keep processes running smoothly, enabling you to do more without compromising performance.

Boost PC performance: How more available memory can improve productivity

Principled Technologies

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Data Cloud, More than a CDP by Matt Robison

Anna Loughnan Colquhoun

What are drone anti-jamming systems? The drone anti-jamming systems and anti-spoof technology protect against interference, jamming, and spoofing of the UAVs. To protect their security, countries are beginning to research drone anti-jamming systems, also known as drone strike weapons. The anti-jam and anti-spoof technology protects against interference, jamming and spoofing. A drone strike weapon is a drone attack weapon that can attack and destroy enemy drones. So what is so unique about this amazing system?

What Are The Drone Anti-jamming Systems Technology?

Antenna Manufacturer Coco

Histor y of HAM Radio presentation slide

vu2urc

Finology Group – Insurtech Innovation Award 2024

The Digital Insurer

Partners Life - Insurer Innovation Award 2024

The Digital Insurer

Discord is a free app offering voice, video, and text chat functionalities, primarily catering to the gaming community. It serves as a hub for users to create and join servers tailored to their interests. Discord’s ecosystem comprises servers, each functioning as a distinct online community with its own channels dedicated to specific topics or activities. Users can engage in text-based discussions, voice calls, or video chats within these channels. Understanding Discord Servers Discord servers are virtual spaces where users congregate to interact, share content, and build communities. Servers may revolve around gaming, hobbies, interests, or fandoms, providing a platform for like-minded individuals to connect. Communication Features Discord offers a range of communication tools, including text channels for messaging, voice channels for real-time audio conversations, and video channels for face-to-face interactions. These features facilitate seamless communication and collaboration. What Does NSFW Mean? The acronym NSFW stands for “Not Safe For Work,” indicating content that may be inappropriate for professional or public settings. NSFW Content NSFW content encompasses material that is sexually explicit, violent, or otherwise graphic in nature. It often includes nudity, profanity, or depictions of sensitive topics.

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

UK Journal

🐬 The future of MySQL is Postgres 🐘

RTylerCroy

Sara Mae O’Brien Scott and Tatiana Baquero Cakici, Senior Consultants at Enterprise Knowledge (EK), presented “AI Fast Track to Search-Focused AI Solutions” at the Information Architecture Conference (IAC24) that took place on April 11, 2024 in Seattle, WA. In their presentation, O’Brien-Scott and Cakici focused on what Enterprise AI is, why it is important, and what it takes to empower organizations to get started on a search-based AI journey and stay on track. The presentation explored the complexities of enterprise search challenges and how IA principles can be leveraged to provide AI solutions through the use of a semantic layer. O’Brien-Scott and Cakici showcased a case study where a taxonomy, an ontology, and a knowledge graph were used to structure content at a healthcare workforce solutions organization, providing personalized content recommendations and increasing content findability. In this session, participants gained insights about the following: Most common types of AI categories and use cases; Recommended steps to design and implement taxonomies and ontologies, ensuring they evolve effectively and support the organization’s search objectives; Taxonomy and ontology design considerations and best practices; Real-world AI applications that illustrated the value of taxonomies, ontologies, and knowledge graphs; and Tools, roles, and skills to design and implement AI-powered search solutions.

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Enterprise Knowledge

Abhishek Deb(1), Mr Abdul Kalam(2) M. Des (UX) , School of Design, DIT University , Dehradun. This paper explores the future potential of AI-enabled smartphone processors, aiming to investigate the advancements, capabilities, and implications of integrating artificial intelligence (AI) into smartphone technology. The research study goals consist of evaluating the development of AI in mobile phone processors, analyzing the existing state as well as abilities of AI-enabled cpus determining future patterns as well as chances together with reviewing obstacles as well as factors to consider for more growth.

Exploring the Future Potential of AI-Enabled Smartphone Processors

debabhi2

Presentation on how to chat with PDF using ChatGPT code interpreter

naman860154

How to Troubleshoot Apps for the Modern Connected Worker

ThousandEyes

What is a good lead in your organisation? Which leads are priority? What happens to leads? When sales and marketing give different answers to these questions, or perhaps aren't sure of the answers at all, frustrations build and opportunities are left on the table. Join us for an illuminating session with Cian McLoughlin, HubSpot Principal Customer Success Manager, as we look at that crucial piece of the customer journey in which leads are transferred from marketing to sales.

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

HampshireHUG

This presentations targets students or working professionals. You may know Google for search, YouTube, Android, Chrome, and Gmail, but did you know Google has many developer tools, platforms & APIs? This comprehensive yet still high-level overview outlines the most impactful tools for where to run your code, store & analyze your data. It will also inspire you as to what's possible. This talk is 50 minutes in length.

Powerful Google developer tools for immediate impact! (2023-24 C)

wesley chun

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Handwritten Text Recognition for manuscripts and early printed texts

Maria Levchenko

2024: Domino Containers - The Next Step. News from the Domino Container commu...

Martijn de Jong

Dernier (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024

presentation ICT roal in 21st century education

Boost PC performance: How more available memory can improve productivity

Boost Fertility New Invention Ups Success Rates.pdf

Data Cloud, More than a CDP by Matt Robison

What Are The Drone Anti-jamming Systems Technology?

Histor y of HAM Radio presentation slide

Finology Group – Insurtech Innovation Award 2024

Partners Life - Insurer Innovation Award 2024

Understanding Discord NSFW Servers A Guide for Responsible Users.pdf

🐬 The future of MySQL is Postgres 🐘

IAC 2024 - IA Fast Track to Search Focused AI Solutions

Exploring the Future Potential of AI-Enabled Smartphone Processors

Presentation on how to chat with PDF using ChatGPT code interpreter

How to Troubleshoot Apps for the Modern Connected Worker

04-2024-HHUG-Sales-and-Marketing-Alignment.pptx

Powerful Google developer tools for immediate impact! (2023-24 C)

Automating Google Workspace (GWS) & more with Apps Script

Handwritten Text Recognition for manuscripts and early printed texts

2024: Domino Containers - The Next Step. News from the Domino Container commu...

En vedette

Content Methodology: A Best Practices Report (Webinar)

contently

How to Prepare For a Successful Job Search for 2024

Albert Qian

A report by thenetworkone and Kurio. The contributing experts and agencies are (in an alphabetical order): Sylwia Rytel, Social Media Supervisor, 180heartbeats + JUNG v MATT (PL), Sharlene Jenner, Vice President - Director of Engagement Strategy, Abelson Taylor (USA), Alex Casanovas, Digital Director, Atrevia (ES), Dora Beilin, Senior Social Strategist, Barrett Hoffher (USA), Min Seo, Campaign Director, Brand New Agency (KR), Deshé M. Gully, Associate Strategist, Day One Agency (USA), Francesca Trevisan, Strategist, Different (IT), Trevor Crossman, CX and Digital Transformation Director; Olivia Hussey, Strategic Planner; Simi Srinarula, Social Media Manager, The Hallway (AUS), James Hebbert, Managing Director, Hylink (CN / UK), Mundy Álvarez, Planning Director; Pedro Rojas, Social Media Manager; Pancho González, CCO, Inbrax (CH), Oana Oprea, Head of Digital Planning, Jam Session Agency (RO), Amy Bottrill, Social Account Director, Launch (UK), Gaby Arriaga, Founder, Leonardo1452 (MX), Shantesh S Row, Creative Director, Liwa (UAE), Rajesh Mehta, Chief Strategy Officer; Dhruv Gaur, Digital Planning Lead; Leonie Mergulhao, Account Supervisor - Social Media & PR, Medulla (IN), Aurelija Plioplytė, Head of Digital & Social, Not Perfect (LI), Daiana Khaidargaliyeva, Account Manager, Osaka Labs (UK / USA), Stefanie Söhnchen, Vice President Digital, PIABO Communications (DE), Elisabeth Winiartati, Managing Consultant, Head of Global Integrated Communications; Lydia Aprina, Account Manager, Integrated Marketing and Communications; Nita Prabowo, Account Manager, Integrated Marketing and Communications; Okhi, Web Developer, PNTR Group (ID), Kei Obusan, Insights Director; Daffi Ranandi, Insights Manager, Radarr (SG), Gautam Reghunath, Co-founder & CEO, Talented (IN), Donagh Humphreys, Head of Social and Digital Innovation, THINKHOUSE (IRE), Sarah Yim, Strategy Director, Zulu Alpha Kilo (CA).

Social Media Marketing Trends 2024 // The Global Indie Insights

Kurio // The Social Media Age(ncy)

The search marketing landscape is evolving rapidly with new technologies, and professionals, like you, rely on innovative paid search strategies to meet changing demands. It’s important that you’re ready to implement new strategies in 2024. Check this out and learn the top trends in paid search advertising that are expected to gain traction, so you can drive higher ROI more efficiently in 2024. You’ll learn: - The latest trends in AI and automation, and what this means for an evolving paid search ecosystem. - New developments in privacy and data regulation. - Emerging ad formats that are expected to make an impact next year. Watch Sreekant Lanka from iQuanti and Irina Klein from OneMain Financial as they dive into the future of paid search and explore the trends, strategies, and technologies that will shape the search marketing landscape. If you’re looking to assess your paid search strategy and design an industry-aligned plan for 2024, then this webinar is for you.

Trends In Paid Search: Navigating The Digital Landscape In 2024

Search Engine Journal

From their humble beginnings in 1984, TED has grown into the world’s most powerful amplifier for speakers and thought-leaders to share their ideas. They have over 2,400 filmed talks (not including the 30,000+ TEDx videos) freely available online, and have hosted over 17,500 events around the world. With over one billion views in a year, it’s no wonder that so many speakers are looking to TED for ideas on how to share their message more effectively. The article “5 Public-Speaking Tips TED Gives Its Speakers”, by Carmine Gallo for Forbes, gives speakers five practical ways to connect with their audience, and effectively share their ideas on stage. Whether you are gearing up to get on a TED stage yourself, or just want to master the skills that so many of their speakers possess, these tips and quotes from Chris Anderson, the TED Talks Curator, will encourage you to make the most impactful impression on your audience. See the full article and more summaries like this on SpeakerHub here: https://speakerhub.com/blog/5-presentation-tips-ted-gives-its-speakers See the original article on Forbes here: http://www.forbes.com/forbes/welcome/?toURL=http://www.forbes.com/sites/carminegallo/2016/05/06/5-public-speaking-tips-ted-gives-its-speakers/&refURL=&referrer=#5c07a8221d9b

5 Public speaking tips from TED - Visualized summary

SpeakerHub

Everyone is in agreement that ChatGPT (and other generative AI tools) will shape the future of work. Yet there is little consensus on exactly how, when, and to what extent this technology will change our world. Businesses that extract maximum value from ChatGPT will use it as a collaborative tool for everything from brainstorming to technical maintenance. For individuals, now is the time to pinpoint the skills the future professional will need to thrive in the AI age. Check out this presentation to understand what ChatGPT is, how it will shape the future of work, and how you can prepare to take advantage.

ChatGPT and the Future of Work - Clark Boyd

Clark Boyd

Getting into the tech field. what next

Tessa Mero

Google's Just Not That Into You: Understanding Core Updates & Search Intent

Lily Ray

How to have difficult conversations

Rajiv Jayarajah, MAppComm, ACC

Introduction to Data Science

Christy Abraham Joy

Time Management & Productivity - Best Practices

Vit Horky

The six step guide to practical project management If you think managing projects is too difficult, think again. We’ve stripped back project management processes to the basics – to make it quicker and easier, without sacrificing the vital ingredients for success. “If you’re looking for some real-world guidance, then The Six Step Guide to Practical Project Management will help.” Dr Andrew Makar, Tactical Project Management

The six step guide to practical project management

MindGenius

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

RachelPearson36

During this webinar, Anand Bagmar demonstrates how AI tools such as ChatGPT can be applied to various stages of the software development life cycle (SDLC) using an eCommerce application case study. Find the on-demand recording and more info at https://applitools.info/b59 Key takeaways: • Learn how to use ChatGPT to add AI power to your testing and test automation • Understand the limitations of the technology and where human expertise is crucial • Gain insight into different AI-based tools • Adopt AI-based tools to stay relevant and optimize work for developers and testers * ChatGPT and OpenAI belong to OpenAI, L.L.C.

Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...

Applitools

12 Ways to Increase Your Influence at Work

GetSmarter

ChatGPT webinar slides

Alireza Esmikhani

More than Just Lines on a Map: Best Practices for U.S Bike Routes

Project for Public Spaces & National Center for Biking and Walking

Has your project been caught in a storm of deadlines, clashing requirements, and the need to change course halfway through? If yes, then check out how the administration team navigated through all of this, relocating 160 people from 3 countries and opening 2 offices during the most turbulent time in the last 20 years. Belka Games’ Chief Administrative Officer, Katerina Rudko, will share universal approaches and life hacks that can help your project survive unstable periods when there seem to be too many tasks and a lack of time and people.

Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...

DevGAMM Conference

Barbie - Brand Strategy Presentation

Erica Santiago

According to the latest State of the American Manager report from Gallup, employees who have regular meetings with their managers are almost three times as likely to be engaged as those who don’t. These regular check-ins keep managers and employees in sync and aligned. Want to see better manager/employee relationships in your organisation? Then make an all-in commitment to 1:1 meetings. Not sure how? You’ve come to the right place. In this webinar with Jamie Resker, Founder and Practice Leader for Employee Performance Solutions (EPS), and Teala Wilson, Talent Management Consultant at Saba Software, you’ll get the inside track on how to hold effective 1:1 meetings, including tips for getting managers on board. • Go beyond discussing the status of everyday work to higher level topics, including recognition, performance, development, and career aspirations • Learn how to decide meeting frequency, what to cover, as well as roles and responsibilities of the manager and employee • Understand how managers can build trust and make it comfortable for employees to provide upward feedback • Unite your organisation with a unified approach to 1:1 meetings Join us for this 1-hour webinar to get practical tips for building better manager-employee relationships with intention and purpose. About the Speakers Jamie Resker - Founder and Practice Leader for Employee Performance Solutions (EPS) Jamie Resker, Practice Leader and Founder of Employee Performance Solutions, is a recognized innovator in performance management. She is the originator of the-the Performance Continuum Feedback Method® and Conversations to Optimize Employee Performance training program; tools and training that reshape communications between managers and employees to drive and align performance. Jamie is on the faculty for the Northeast Human Resources Association, is a contributor to Halogen Software's Talent Space Blog, and is an editorial advisory board member for HR Examiner. Teala Wilson - Senior Consultant, Strategic Services, Saba Software Teala is a Talent Management Consultant at Halogen Software, now a part of Saba Software. She has worked with teams on a national and global level supporting human resources in areas such as performance management, recruitment, employee benefit programs, training and talent development, workforce planning and internal communications. Teala also has a personal passion for visual arts and design. Want to learn more? Join us for an upcoming Product Tour! http://bit.ly/2yitfqu

Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well

Saba Software

En vedette (20)

Content Methodology: A Best Practices Report (Webinar)

How to Prepare For a Successful Job Search for 2024

Social Media Marketing Trends 2024 // The Global Indie Insights

Trends In Paid Search: Navigating The Digital Landscape In 2024

5 Public speaking tips from TED - Visualized summary

ChatGPT and the Future of Work - Clark Boyd

Getting into the tech field. what next

Google's Just Not That Into You: Understanding Core Updates & Search Intent

How to have difficult conversations

Introduction to Data Science

Time Management & Productivity - Best Practices

The six step guide to practical project management

Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...

Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...

12 Ways to Increase Your Influence at Work

ChatGPT webinar slides

More than Just Lines on a Map: Best Practices for U.S Bike Routes

Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...

Barbie - Brand Strategy Presentation

Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well

Calling an OAuth 1.0a API from an OAuth 2.0 API

1. Calling an OAuth 1.0a Service from an OAuth 2.0-protected Service By Travis Spencer email@travisspencer.com

2. Basic Rundown • You want to call the Twitter API from your own API • The Twitter service is an OAuth 1.0a Resource Server (RS) • Twitter has an OAuth 1.0a Authorization Server (AS) • The Twitter service naturally only trusts it's own AS • Your service is an OAuth 2 RS and an OAuth 1.0a Twitter client • You have an OAuth 2 AS • Your service naturally only trusts your AS • The Web app that calls your service is an OAuth 2.0 client and must submit Access Tokens (ATs) emitted by your AS (not Twitter's) when calling your service • The Resource Owner (RO) is a Twitter user and will authorize your service to call the Twitter API to modify their data • The RO authenticates to your AS using Twitter's OAuth 1.0a AS • Your AS asks the RO to authorize a third-party client of your service

3. User indicates that they would like to grant some Web site access to the resources that your service provides. Twitter’s Twitter User OAuth 1.0a (RO) AS Twitter API Your OAuth (OAuth 1.0a 2.0 AS RS) Third-party Your API Web site (OAuth 2.0 (OAuth 2.0 RS/OAuth Client) 1.0a Client)

4. User is redirected to your OAuth 2.0 AS. Twitter’s Twitter User OAuth 1.0a (RO) AS Twitter API Your OAuth (OAuth 1.0a 2.0 AS RS) Third-party Your API Web site (OAuth 2.0 (OAuth 2.0 RS/OAuth Client) 1.0a Client)

5. Your AS gets a Request Token (RT) from Twitter’s AS by making an authenticated call using your Twitter client key. Twitter’s Twitter User OAuth 1.0a (RO) AS Twitter API Your OAuth (OAuth 1.0a 2.0 AS RS) Third-party Your API Web site (OAuth 2.0 (OAuth 2.0 RS/OAuth Client) 1.0a Client)

6. Your AS redirects the user to Twitter w/ the RT and a digital signature. Twitter’s Twitter User OAuth 1.0a (RO) AS Twitter API Your OAuth (OAuth 1.0a 2.0 AS RS) Third-party Your API Web site (OAuth 2.0 (OAuth 2.0 RS/OAuth Client) 1.0a Client)

7. The user authenticates to Twitter if they don’t have a session already. Twitter’s Twitter User OAuth 1.0a (RO) AS Twitter API Your OAuth (OAuth 1.0a 2.0 AS RS) Third-party Your API Web site (OAuth 2.0 (OAuth 2.0 RS/OAuth Client) 1.0a Client)

8. The user grants your API access to Twitter’s API. Twitter’s Twitter User OAuth 1.0a (RO) AS Twitter API Your OAuth (OAuth 1.0a 2.0 AS RS) Third-party Your API Web site (OAuth 2.0 (OAuth 2.0 RS/OAuth Client) 1.0a Client)

9. Twitter redirects the user to your AS’s callback URL w/ the RT from before. Twitter’s Twitter User OAuth 1.0a (RO) AS Twitter API Your OAuth (OAuth 1.0a 2.0 AS RS) Third-party Your API Web site (OAuth 2.0 (OAuth 2.0 RS/OAuth Client) 1.0a Client)

10. Your AS exchanges the RT for an Access Token (AT) and stores/associates this with the user. Twitter’s Twitter User OAuth 1.0a (RO) AS Twitter API Your OAuth (OAuth 1.0a 2.0 AS RS) Third-party Your API Web site (OAuth 2.0 (OAuth 2.0 RS/OAuth Client) 1.0a Client)

11. Your AS redirects the user with an Access Code (AC) to the callback URL of the third-party consumer of your API. Twitter’s Twitter User OAuth 1.0a (RO) AS Twitter API Your OAuth (OAuth 1.0a 2.0 AS RS) Third-party Your API Web site (OAuth 2.0 (OAuth 2.0 RS/OAuth Client) 1.0a Client)

12. The client exchanges the AC for a new AT specific to your API by authenticating w/ the client key you gave them. Twitter’s Twitter User OAuth 1.0a (RO) AS Twitter API Your OAuth (OAuth 1.0a 2.0 AS RS) Third-party Your API Web site (OAuth 2.0 (OAuth 2.0 RS/OAuth Client) 1.0a Client)

13. The client calls your API with an AT from your AS. Twitter’s Twitter User OAuth 1.0a (RO) AS Twitter API Your OAuth (OAuth 1.0a 2.0 AS RS) Third-party Your API Web site (OAuth 2.0 (OAuth 2.0 RS/OAuth Client) 1.0a Client)

14. Your API looks up the Twitter AT by submitting the one presented to your API. Twitter’s Twitter User OAuth 1.0a (RO) AS Twitter API Your OAuth (OAuth 1.0a 2.0 AS RS) Third-party Your API Web site (OAuth 2.0 (OAuth 2.0 RS/OAuth Client) 1.0a Client)

15. Your API calls the Twitter API using the previously granted access. Twitter’s Twitter User OAuth 1.0a (RO) AS Twitter API Your OAuth (OAuth 1.0a 2.0 AS RS) Third-party Your API Web site (OAuth 2.0 (OAuth 2.0 RS/OAuth Client) 1.0a Client)

16. The Twitter data is used and your API returns the results. Twitter’s Twitter User OAuth 1.0a (RO) AS Twitter API Your OAuth (OAuth 1.0a 2.0 AS RS) Third-party Your API Web site (OAuth 2.0 (OAuth 2.0 RS/OAuth Client) 1.0a Client)

Calling an OAuth 1.0a API from an OAuth 2.0 API

Recommandé

Recommandé

Contenu connexe

Dernier

Dernier (20)

En vedette

En vedette (20)

Calling an OAuth 1.0a API from an OAuth 2.0 API