What is OAuth?
OAuth is an authorization framework that enables a third-party
application to obtain limited access to an HTTP service.
OAuth is a standard that applications (and the developers who love
them) can use to provide client applications with “secure delegated
access”. OAuth works over HTTP and authorizes devices, APIs, servers
and applications with access tokens rather than credentials.
There are two versions of OAuth: OAuth 1.0a and OAuth2. These
specifications are completely different from one another, and cannot be
used together: there is no backwards compatibility between them.
Why OAuth 2.0?
Simplicity: OAuth 2.0 focuses on client developer simplicity while
providing specific authorization flows for web
applications, desktop applications, mobile phones, and
living room devices.
Security: OAuth is often referred to as a valet key for the web in
that it grants an application access to protected data only for
specific uses and often for a limited amount of time.
Implementing OAuth with Twitter
Step 1: Obtaining a request token
Your application must obtain a request token by sending a signed
message to POST oauth/request_token.
Step 2: Redirecting the user
Direct the user to GET oauth/authenticate, and the request token
obtained in step 1 should be passed as the oauth_token parameter.
Step 3: Converting the request token to an access token
To render the request token into a usable access token, your
application must make a request to the POST oauth/access_token
endpoint, containing the oauth_verifier value obtained in step 2.
The request token is also passed in the oauth_token portion of the
header, but this will have been added by the signing process.
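The signing that steps 1 and 3 rely on, as an added example that is not from the original slides or from Twitter's own code: it builds the OAuth 1.0a (RFC 5849) signature base string and HMAC-SHA1 signature for the request_token and access_token calls. The API host, the callback URL and all credential values are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

# Assumption: Twitter's API host; the page gives only the endpoint paths.
API = "https://api.twitter.com/oauth/"

def pct(value):
    """RFC 5849 section 3.6 encoding: only A-Z a-z 0-9 - . _ ~ stay literal."""
    return quote(str(value), safe="-._~")

def oauth_params(consumer_key, nonce=None, timestamp=None, **extra):
    """Protocol parameters for one request; nonce and timestamp must be fresh."""
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    params.update(extra)
    return params

def signature_base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 keyed with consumer secret '&' token secret (empty in step 1)."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, base, hashlib.sha1).digest()).decode()

def authorization_header(params, signature):
    """Serialize the signed parameters into the Authorization header value."""
    fields = sorted({**params, "oauth_signature": signature}.items())
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in fields)

# Constructed sample credentials, not real keys.
step1 = oauth_params("CONSUMER_KEY", oauth_callback="https://app.example/cb")
header1 = authorization_header(
    step1, sign("POST", API + "request_token", step1, "CONSUMER_SECRET"))

# Step 3: the request token joins the signed parameters and its secret joins the key.
step3 = oauth_params("CONSUMER_KEY", oauth_token="REQUEST_TOKEN",
                     oauth_verifier="VERIFIER_FROM_STEP_2")
header3 = authorization_header(
    step3, sign("POST", API + "access_token", step3, "CONSUMER_SECRET",
                "REQUEST_TOKEN_SECRET"))
```

Because the request token secret is part of the HMAC key in step 3, a party that intercepts only the oauth_token and oauth_verifier from the browser redirect cannot produce a valid access_token request.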