
OAuth Identity verification delegation example workflow v0.2 (draft)
This serves as an example of how OAuth identification delegation could work. In this example, a user has authorized Tweetie and would like to use TwitPic to store photos. The TwitPic API has an endpoint named upload, which currently takes image data and a Twitter username and password. When Tweetie currently calls this endpoint, TwitPic presumably calls Twitter to verify the credentials before saving the photo for the user.

In the workflow diagrammed below, Tweetie makes a call to TwitPic with the appropriate parameters and also passes an OAuth authorization header signed to Twitter. TwitPic can then call account/verify_credentials with that header. Twitter verifies the delegated identity verification request, and TwitPic can then save the image and return the image's URL to Tweetie.

Consumer (C)
⁃ Has consumer token/secret for SP
⁃ Has Twitter access token/secret for U

Delegator (D)
⁃ Has the protected resource PR

Service Provider (SP)

1. Request (C to D)
POST upload (protected resource, PR)
⁃ Includes image to store
⁃ Includes x_auth_service_provider to specify who to authenticate against (SP's base URL)
⁃ Includes x_verify_credentials_authorization parameter which is the Authorization header that C would have sent to SP if calling account/verify_credentials directly

2. Request to verify identity (D to SP)
POST account/verify_credentials
⁃ Temporarily store image and make request to Twitter
⁃ Use the x_auth_service_provider value that was passed as the contents of the Authorization header

3. Verify identity (SP to D)
⁃ Authorize the call to account/verify_credentials as a regular OAuth call
⁃ Return 2xx if valid, else return error
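
The Delegator's side of steps 2 and 3, as an added Python example that is not part of the original draft. It assumes D pins the providers it trusts (`TRUSTED_PROVIDERS` and `https://sp.example/` are constructed placeholders), forwards the `x_verify_credentials_authorization` value as the Authorization header as step 1 describes that parameter, and uses hypothetical `post` and `store` callbacks.

```python
import urllib.error
import urllib.request
from urllib.parse import urlsplit

# Assumption: D only trusts providers it has pinned ahead of time.
# The host below is a constructed placeholder, not a real endpoint.
TRUSTED_PROVIDERS = {"https://sp.example/"}


def http_post(url, headers):
    """Default transport: POST with an empty body and return the HTTP status."""
    req = urllib.request.Request(url, data=b"", headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code
    except urllib.error.URLError:
        return 0  # unreachable provider: fail closed


def verify_delegated_identity(params, post=http_post):
    """Steps 2 and 3 on the Delegator: True only if SP answers 2xx."""
    provider = params.get("x_auth_service_provider", "")
    echoed = params.get("x_verify_credentials_authorization", "")
    # Never forward a signed header to a URL chosen freely by the caller.
    if provider not in TRUSTED_PROVIDERS or urlsplit(provider).scheme != "https":
        return False
    # The echoed value must look like an OAuth header and fit on one line,
    # so it cannot smuggle extra headers into D's outgoing request.
    if not echoed.startswith("OAuth ") or "\r" in echoed or "\n" in echoed:
        return False
    status = post(provider + "account/verify_credentials", {"Authorization": echoed})
    return 200 <= status < 300


def handle_upload(params, image, store, post=http_post):
    """Step 1 on the Delegator: save the image only after SP confirms identity."""
    if not verify_delegated_identity(params, post):
        return None
    return store(image)  # store() is a hypothetical callback returning the URL
```

D never sees the Consumer's secrets or the user's password here; it only relays a header that SP alone can validate.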

OAuth 1.0a Delegation extension v0.2 (draft)


Raffi Krikorian <raffi@twitter.com>
9 February 2010
