First, let’s look at OAuth’s general workflow behind the scenes as we get the authorization for a user and acquire a token so we can access her privileged information:
1. Obtain a consumer key and secret from the service provider that we are trying to access data from.
2. Make a request to the service provider to obtain a request token to permit us to seek permissions from the user.
3. Forward the user to the provider’s login and permission screens in order to obtain her authorization to use her personal information.
4. Exchange the verified request token object for an access token, which allows us to make requests on the user’s behalf.
Let’s break down these steps further to see what is going on at a more granular level.
To complete the OAuth workflow and start collecting a user’s social information, the first thing we need to do is to obtain a consumer key and secret from the provider from which we are trying to access data (e.g., Yahoo!, Google, Twitter). These keys are normally issued when we’re creating applications through the provider’s developer programs, such as:
There is a simple, standard process that you will follow when creating these applications to obtain the secret and key, as shown in Figure 9-1.
Figure 9-1. OAuth 1, step ...