OAuth Identity verification delegation example workflow (draft)

This serves as an example of how OAuth delegation could work. In this example, a user has authorized Tweetie, and would like to use TwitPic to store photos. The TwitPic API has an endpoint named upload which currently takes image data, and a Twitter username and password. When Tweetie currently calls this endpoint, TwitPic presumably calls Twitter to verify the credentials before saving the photo. With delegation, OAuth instead provides the identification for the user. In the workflow diagrammed below, Tweetie makes a signed OAuth call to TwitPic, who in turn calls Twitter (specifically to account/verify_credentials, but with some extra parameters to pass that signature along). Twitter verifies the delegated identity verification request, and TwitPic can then save the image, and return the image's URL to Tweetie.

Participants

Consumer (C), e.g. Tweetie
⁃ Has consumer token/secret for SP
⁃ Has Twitter access token/secret for U

Delegator (D), e.g. TwitPic
⁃ Has consumer token/secret for SP
⁃ Has the protected resource PR

Service Provider (SP), e.g. Twitter

1. Request (C to D)
POST upload (protected resource, PR)
⁃ Includes image to store
⁃ Includes x_auth_service_provider parameter to specify who to authenticate against (SP's base URL)
⁃ Signed with both consumer token/secret & U's access token/secret, but against D's PR (S1)

2. Request to verify identity (D to SP)
POST account/verify_credentials
⁃ D temporarily stores the image and makes the request to Twitter
⁃ Includes x_auth_mode which is set to "delegation"
⁃ Includes x_request_method which is set to the method used to access PR
⁃ Includes x_request_url which is set to the URL of the PR
⁃ Includes x_request_parameters which are the encoded parameters sent to PR
⁃ Includes x_request_authorization which is set to the entire authorization block
⁃ Signed with D's consumer token/secret (creates a S2 that "wraps" S1)

3. Verify identity (SP to D)
⁃ Given x_request_method, x_request_url, x_request_parameters, and x_request_authorization, verify S1 to confirm it was signed by U and C
⁃ Return 2xx if valid, else return error
OAuth 1.0a Delegation extension Draft


Raffi Krikorian <raffi@twitter.com>
9 February 2010
