This document outlines the OAuth 1 and OAuth 2 authorization flows. For OAuth 1, it describes how a consumer requests a request token from the service provider, the user authorizes access, and then the consumer exchanges the request token for an access token. For OAuth 2, it shows how the consumer requests an access token directly from the service provider, which can then be used to access protected resources via signatures.

1. Oauth 1 Consumer SP oauth_token & oauth_ token_ secret -> <- request_token (key &sig ) <- authorize (oauth_token)‏ request_token_ready (oauth_token) -> Set up key & secret -> <- Obtain user consent Give consent -> Initiate & specify SP ->

2. Oauth 2 Consumer SP <- access_token (key & oauth_token & sig)‏ Resource -> Check signature & authorization <- Service (resource)‏ oauth_token & oauth_ token_ secret -> <- GET resource ?oauth_token & key & sig