OAuth is an authorization method used to provide access to resources over the HTTP protocol.
Usage
OAuth 1 can be used for authorization of various applications or manual user access.
The general way it works is providing an application with an access token (which represents a user’s permission for the client to access their data) for request authentication.
Click the image to enlarge it.
OAuth Versions
There are two versions of OAuth authorization: OAuth 2.0 (it uses the HTTPS protocol to pass tokens) and OAuth 1 (it uses HMAC-SHA signature strings).
OAuth 1 Terms
OAuth 1 has a few interacting components:
- User is a person who wants to get access.
- Consumer is an application or website that uses OAuth to access the Service Provider.
- Service Provider is a web application that allows access via OAuth.
- Protected Resource is the data the user wants to access.
Tokens
OAuth 1 Authorization uses Request Token and Access Token to get access to the resources on the resource server.
Request Token – a token containing Consumer Key and Consumer Secret used to ask the service for authorization.
Access Token – a token used to access the resource.
The tokens can have different formats and structures based on the service provider security requirements.