Calling an OAuth 1.0a API from an OAuth 2.0 API

Steps involved in calling an OAuth 1.0a API (like Twitter

Published in: Technology
Transcript

  • 1. Calling an OAuth 1.0a Service from an OAuth 2.0-protected Service By Travis Spencer email@travisspencer.com
  • 2. Basic Rundown
      • You want to call the Twitter API from your own API
      • The Twitter service is an OAuth 1.0a Resource Server (RS)
      • Twitter has an OAuth 1.0a Authorization Server (AS)
      • The Twitter service naturally only trusts its own AS
      • Your service is an OAuth 2 RS and an OAuth 1.0a Twitter client
      • You have an OAuth 2 AS
      • Your service naturally only trusts your AS
      • The Web app that calls your service is an OAuth 2.0 client and must submit Access Tokens (ATs) emitted by your AS (not Twitter's) when calling your service
      • The Resource Owner (RO) is a Twitter user and will authorize your service to call the Twitter API to modify their data
      • The RO authenticates to your AS using Twitter's OAuth 1.0a AS
      • Your AS asks the RO to authorize a third-party client of your service
  • 3. User indicates that they would like to grant some Web site access to the resources that your service provides.
    [Diagram, repeated on slides 3 to 16: Twitter User (RO); Twitter’s OAuth 1.0a AS; Twitter API (OAuth 1.0a RS); Your OAuth 2.0 AS; Your API (OAuth 2.0 RS/OAuth 1.0a Client); Third-party Web site (OAuth 2.0 Client)]
  • 4. User is redirected to your OAuth 2.0 AS.
  • 5. Your AS gets a Request Token (RT) from Twitter’s AS by making an authenticated call using your Twitter client key.
  • 6. Your AS redirects the user to Twitter w/ the RT and a digital signature.
  • 7. The user authenticates to Twitter if they don’t have a session already.
  • 8. The user grants your API access to Twitter’s API.
  • 9. Twitter redirects the user to your AS’s callback URL w/ the RT from before.
  • 10. Your AS exchanges the RT for an Access Token (AT) and stores/associates this with the user.
  • 11. Your AS redirects the user with an Access Code (AC) to the callback URL of the third-party consumer of your API.
  • 12. The client exchanges the AC for a new AT specific to your API by authenticating w/ the client key you gave them.
  • 13. The client calls your API with an AT from your AS.
  • 14. Your API looks up the Twitter AT by submitting the one presented to your API.
  • 15. Your API calls the Twitter API using the previously granted access.
  • 16. The Twitter data is used and your API returns the results.
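
Steps 10 to 14 as a minimal in-memory model of the token bookkeeping on your AS, added here as an example and not code from the presentation. The class and method names, the 60-second code lifetime and all sample values are assumptions. It shows the Twitter credentials staying server-side while the third-party client only ever holds a single-use AC and an AT issued by your AS.

```python
import hashlib, hmac, secrets, time

def _h(token: str) -> str:
    # Only hashes of our own codes/tokens are stored, so a store leak yields no bearer values.
    return hashlib.sha256(token.encode()).hexdigest()

class BridgeAS:
    """Constructed in-memory model of 'your OAuth 2.0 AS' (steps 10-14)."""
    CODE_TTL = 60  # seconds; assumed value
    def __init__(self, clients):
        self.clients = clients  # client_id -> (client secret, registered redirect URI)
        self.twitter = {}       # user -> (Twitter AT, Twitter token secret), step 10
        self.codes = {}         # hash(AC) -> (user, client_id, expiry)
        self.tokens = {}        # hash(our AT) -> user

    def store_twitter_grant(self, user, tw_token, tw_secret):
        self.twitter[user] = (tw_token, tw_secret)

    def issue_code(self, user, client_id, redirect_uri):
        # Step 11: the AC is bound to the client and callback it was issued for.
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            raise PermissionError("unregistered client or redirect URI")
        code = secrets.token_urlsafe(32)
        self.codes[_h(code)] = (user, client_id, time.time() + self.CODE_TTL)
        return code

    def exchange_code(self, code, client_id, client_secret):
        # Step 12: authenticate the client, then burn the single-use AC.
        secret = self.clients.get(client_id, ("", ""))[0]
        if not secret or not hmac.compare_digest(secret, client_secret):
            raise PermissionError("client authentication failed")
        user, bound_client, expiry = self.codes.pop(_h(code), (None, None, 0))
        if user is None or bound_client != client_id or time.time() > expiry:
            raise PermissionError("invalid, replayed or expired code")
        token = secrets.token_urlsafe(32)
        self.tokens[_h(token)] = user
        return token

    def lookup_twitter_credentials(self, presented_at):
        # Step 14: called by your API only; the third-party client never sees these.
        user = self.tokens.get(_h(presented_at))
        if user is None:
            raise PermissionError("unknown access token")
        return self.twitter[user]

if __name__ == "__main__":  # constructed sample values
    b = BridgeAS({"webapp": ("constructed-secret", "https://client.example/cb")})
    b.store_twitter_grant("alice", "constructed-tw-token", "constructed-tw-secret")
    code = b.issue_code("alice", "webapp", "https://client.example/cb")
    print(b.lookup_twitter_credentials(b.exchange_code(code, "webapp", "constructed-secret")))
```

In a real deployment the lookup in step 14 would be an authenticated call from your API to your AS, and the stored Twitter token secret would be encrypted at rest.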
