About OAuth 1.0 Authentication

Applies to ReadyAPI 3.5, last modified on December 29, 2020

OAuth is an authorization method used to provide access to resources over the HTTP protocol.

Usage

OAuth 1 can be used to authorize various applications or manual user access.

In general, it works by providing an application with an access token (which represents a user’s permission for the client to access their data) that the application uses to authenticate its requests.

A sample OAuth flow


OAuth Versions

There are two versions of OAuth authorization: OAuth 2.0, which uses the HTTPS protocol to pass tokens, and OAuth 1, which uses HMAC-SHA signature strings.

OAuth 1 Terms

OAuth 1 has a few interacting components:

  • User is a person who wants to get access.
  • Consumer is an application or website that uses OAuth to access the Service Provider.
  • Service Provider is a web application that allows access via OAuth.
  • Protected Resource is the data the user wants to access.

Tokens

OAuth 1 authorization uses a Request Token and an Access Token to get access to the resources on the resource server.

Request Token – a token containing the Consumer Key and Consumer Secret, used to ask the service for authorization.

Access Token – a token used to access the resource.

The tokens can have different formats and structures, depending on the service provider's security requirements.
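
The HMAC-SHA signature strings mentioned under OAuth Versions, shown as an added example (not ReadyAPI code): it builds the OAuth 1.0 signature base string, signs it with HMAC-SHA1, and verifies it in constant time as a Service Provider would. The URL, keys, secrets, parameter values and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def pct(value: str) -> str:
    # OAuth 1.0 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal.
    return quote(value, safe="-._~")

def signature_base_string(method: str, base_url: str, params: dict) -> str:
    # Encode and sort the parameters, join them as k=v pairs with "&", then
    # encode method, URL and parameter string again and join those with "&".
    # Assumes base_url is already normalized (lowercase scheme/host, no query).
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_url), pct(normalized)])

def sign_hmac_sha1(base_string: str, consumer_secret: str, token_secret: str = "") -> str:
    # The HMAC key is the encoded consumer secret and token secret joined by "&".
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify(method, base_url, params, received_sig, consumer_secret, token_secret="") -> bool:
    # Service Provider side: recompute the signature and compare in constant time.
    base = signature_base_string(method, base_url, params)
    expected = sign_hmac_sha1(base, consumer_secret, token_secret)
    return hmac.compare_digest(expected, received_sig)

# Constructed sample request (not real credentials).
SAMPLE_URL = "https://api.example.test/v1/items"
SAMPLE_PARAMS = {
    "oauth_consumer_key": "sample-consumer-key",
    "oauth_token": "sample-access-token",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1600000000",
    "oauth_nonce": "n0nce-123",
    "oauth_version": "1.0",
    "q": "status report",
}

if __name__ == "__main__":
    base = signature_base_string("GET", SAMPLE_URL, SAMPLE_PARAMS)
    print(base, sign_hmac_sha1(base, "sample-consumer-secret", "sample-token-secret"), sep="\n")
```

Because the secrets never travel with the request, changing any signed parameter or using the wrong secret makes `verify` return `False`.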

See Also

Wikipedia Article: OAuth
OAuth Core 1.0
