Programming Social Applications by Jonathan LeBlanc

Step 5: Exchange the Preapproved Request Token for an Access Token

Assuming that the OpenID provider’s response was an approved state containing the preapproved request token, we can now go through the process of exchanging that request token for an access token. This will allow us to make requests to the provider for privileged user resources.

The exchange between the relaying party and provider in this step looks something like Figure 12-3.

Figure 12-3. Hybrid auth, step 5: Relaying party exchanges the preapproved request token for an access token from the provider

The relaying party will issue a request to the provider to exchange the preapproved request token for an access token. With the exception of the differences in creating a request token object, this step is identical to the request token/access token exchange in the standard OAuth flow.

The provider will check to ensure that the request and token are valid and then return an access token string to the relaying party. The relaying party can then turn that string into an access token object and use it to make signed requests for the user’s privileged data.
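The exchange described above, sketched in Python as an added example (not code from the book). It assumes HMAC-SHA1 signing, a hypothetical provider endpoint and constructed credentials, and, following the OpenID OAuth Extension draft, an empty token secret for the preapproved request token.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import parse_qs, quote

# Constructed sample values; the endpoint and credentials are hypothetical.
ACCESS_TOKEN_URL = "https://provider.example/oauth/access_token"
CONSUMER_KEY, CONSUMER_SECRET = "example-consumer-key", "example-consumer-secret"

def pct(value):
    # OAuth 1.0 percent-encoding: only unreserved characters stay literal.
    return quote(str(value), safe="-._~")

def sign_hmac_sha1(method, url, params, consumer_secret, token_secret=""):
    # Base string: METHOD & encoded URL & encoded, sorted parameter list.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(normalized)])
    # Key: consumer secret & token secret (the "&" stays even if one is empty).
    key = f"{pct(consumer_secret)}&{pct(token_secret)}"
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def build_access_token_request(url, consumer_key, consumer_secret,
                               request_token, nonce=None, timestamp=None):
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_token": request_token,  # token returned in the OpenID response
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_version": "1.0",
    }
    # Assumed hybrid difference: the preapproved request token carries no
    # secret, so the signing key is the consumer secret plus an empty string.
    params["oauth_signature"] = sign_hmac_sha1(
        "POST", url, params, consumer_secret, token_secret="")
    return params

def parse_access_token(body):
    # The provider answers with a form-encoded string; turn it into a
    # (token, secret) pair and refuse anything missing either field.
    try:
        fields = parse_qs(body, strict_parsing=True)
        return fields["oauth_token"][0], fields["oauth_token_secret"][0]
    except (KeyError, ValueError):
        raise ValueError("provider response is not a usable access token") from None

if __name__ == "__main__":
    req = build_access_token_request(
        ACCESS_TOKEN_URL, CONSUMER_KEY, CONSUMER_SECRET, "preapproved-token")
    print(req)
    print(parse_access_token("oauth_token=at-123&oauth_token_secret=ats-456"))
```

The returned access token secret, unlike the request token's empty one, must be used as the token secret when signing later requests for the user's data.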
