OAuth 1.0a Workflow
First, let’s look at OAuth’s general workflow behind the scenes as we get the authorization for a user and acquire a token so we can access her privileged information:
Obtain a consumer key and secret from the service provider that we are trying to access data from.
Make a request to the service provider to obtain a request token to permit us to seek permissions from the user.
Forward the user to the provider’s login and permission screens in order to obtain her authorization to use her personal information.
Exchange the verified request token object for an access token, which allows us to make requests on the user’s behalf.
Let’s break down these steps further to see what is going on at a more granular level.
Obtain a consumer key and secret
To complete the OAuth workflow and start collecting a user’s social information, the first thing we need to do is to obtain a consumer key and secret from the provider from which we are trying to access data (e.g., Yahoo!, Google, Twitter). These keys are normally issued when we’re creating applications through the provider’s developer programs, such as:
The Yahoo! Application Platform: http://developer.yahoo.com/yap
Twitter Applications: http://developer.twitter.com/apps/new
FourSquare Applications: http://foursquare.com/apps/
Google Apps: http://www.google.com/apps/
There is a simple, standard process that you will follow when creating these applications to obtain the secret and key, as shown in Figure 9-1.
Figure 9-1. OAuth 1, step ...
Get Programming Social Applications now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
