This serves as an example of how OAuth delegation could work. In this example, a user has authorized Tweetie, and would like to use TwitPic to store photos. The TwitPic API has an endpoint named upload which currently takes image data, and a Twitter username and password. When Tweetie currently calls this endpoint, TwitPic presumably calls Twitter to verify the credentials before saving the photo identification for the user. In the workflow diagrammed below, Tweetie makes a signed OAuth call to TwitPic, who in turn calls Twitter (specifically to account/verify_credentials but with some extra parameters to pass that signature along). Twitter verifies the delegated identity verification request, and TwitPic can then save the image, and return the image's URL to Tweetie.
1. Request (C to D)
POST upload (protected resource, PR)
⁃ Includes image to store
⁃ Includes x_auth_service_provider parameter to specify who to authenticate against (SP's base URL)
⁃ Signed with both consumer token/secret & U's access token/secret, but against D's PR (S1)
Consumer (C)
⁃ Has consumer token/secret for SP
⁃ Has Twitter access token/secret for U
Delegator (D)
⁃ Has consumer token/secret for SP
⁃ Has the protected resource PR
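The step 1 request as an added example (not code from the original document): a Python sketch of how C could compute signature S1 over D's upload URL, and how the verifying party can recompute it. The URLs, keys, nonce and timestamp are constructed; HMAC-SHA1 (the usual OAuth 1.0a method), signing x_auth_service_provider with the other parameters, and leaving the image body unsigned are assumptions the page does not state.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed sample values (assumptions): not real endpoints or credentials.
D_UPLOAD = "https://delegator.example/upload"   # D's protected resource (PR)
SP_BASE = "https://sp.example/"                 # SP's base URL
CONSUMER_SECRET, TOKEN_SECRET = "c-secret", "u-token-secret"

def _enc(value):
    # RFC 3986 percent-encoding, as OAuth 1.0a requires
    return quote(str(value), safe="-._~")

def signature_base(method, url, params):
    # Sorted, encoded key=value pairs; the signature itself is never signed
    pairs = sorted((_enc(k), _enc(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), _enc(url), _enc(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    # The key combines C's consumer secret with U's access token secret
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    mac = hmac.new(key, signature_base(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def verify(method, url, params, consumer_secret, token_secret):
    # Recompute S1 and compare in constant time
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, params.get("oauth_signature", ""))

def build_step1_request():
    # Parameters C sends to D; the image travels in the body (assumed unsigned)
    params = {
        "oauth_consumer_key": "c-key",
        "oauth_token": "u-access-token",
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": "1262304000",
        "oauth_nonce": "constructed-nonce",
        "oauth_version": "1.0",
        "x_auth_service_provider": SP_BASE,
    }
    # S1 is computed against D's PR, not against an SP URL
    params["oauth_signature"] = sign("POST", D_UPLOAD, params,
                                     CONSUMER_SECRET, TOKEN_SECRET)
    return params
```

Because S1 covers D's URL, a verifier that recomputes it against any other URL, or with a different x_auth_service_provider value, gets a mismatch.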