6. How are the access token and token secret acquired?
7. How are the access token and token secret acquired? The provider sends your the access token and secret In the clear! HTTPS is required
8. The last OAUTH-specific URL: the access token URL direction: Provider to Consumer Given: the request token Returned: the access token and secret if the access token has been blessed http://icecendor.com/oauth/access&oauth_token=req132 icecondor-android-app:///&oauth_token=access1234 &oauth_token_secret=xfz123 HTTP 302 redirect to:
9. The next OAUTH-specific URL: the user permission URL Direction: User to provider Given: the request token Post: Bless the token http://icecendor.com/oauth/authorize&oauth_token=req132 http://icecondor.com/oauth/authorize&oauth_token=req123 &granted=1 Displays a screen that asks the user to authorize this application for access to protected data. Redirects to pre-defined return-to URL back to the consumer
10. The first OAUTH-specific URL: the request token URL Direction: Consumer to Provider Given: the consumer key Post: Bless the token http://icecendor.com/oauth/request& oauth_consumer_key=req132 http://icecondor.com/oauth/authorize&oauth_token=req123 &granted=1 Displays a screen that asks the user to authorize this application for access to protected data. Redirects to pre-defined return-to URL back to the consumer
11. How to does the consumer acquire a consumer key and secret from the provider? Last parts of the puzzle
12. How to does the consumer acquire a consumer key and secret from the provider? Last parts of the puzzle Out of scope! The spec doesn't say. Use an out-of-band method. Example: Receive the consumer key and secret in an email, and hard-code the values into the consumer app. Also, the request token URL, the authorization URL, and the access token URLs are not standardized and have to be communicated out-of-band.
13. Help is on the way OAUTH DISCOVERY (draft spec) XRDS document location in the headers Date: Wed, 04 Feb 2009 01:06:17 GMT Server: Apache X-Powered-By: Phusion Passenger (mod_rails/mod_rack) 2.0.6 X-Runtime: 3125ms Etag: "aafe6ca507f518d040c9868cddaad9ef" X-XRDS-Location: http://icecondor.com/xrds.xml Cache-Contro: private, max-age=0, must-revalidate