The aim was to explore the tasks involved in creating a three-legged OAuth server, for example to build one's own secure API that can be released publicly.
The common practice for implementing OAuth is a two-legged or a three-legged OAuth server. The major difference between the two is that two-legged OAuth does not involve another user. For example, if one wants to access a user's specific information, one needs the three-legged flow, because an access token must be generated for that user in the application.
For real-world use, one should focus on the three-legged variety, since it is the more practical of the two.
The following is the simplified flow:
- The consumer requests a token from the server
- The consumer then directs the user to a login page, passing the token along
- The user logs in and is redirected back to the consumer with an access token
- The consumer takes the access token and requests the OAuth token to use with future secure requests
- Once the OAuth token is retrieved, the developer can make secure requests by passing the token for validation
Reference code and samples are available at https://code.google.com/p/oauth-php/
Below are the steps involved in setting up the OAuth server:
- Setting up the database
- Creating the OAuth server
- Allowing registration
- Generating a request token
- Exchanging the request token for an access token
- Validating a request
- Testing the OAuth server
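The flow above and the server-side steps (registration, request token, access token exchange, request validation) are easiest to see with both sides in one process. The following is an added example in Python, not code from this post or from the oauth-php project; it implements the OAuth 1.0a HMAC-SHA1 exchange that oauth-php speaks, with in-memory dictionaries standing in for the database. The host names, the `OAuthServer` class and the `run_flow` helper are constructed for the example; the URLs are not real endpoints.

```python
"""Three-legged OAuth 1.0a flow with consumer and server in one process (constructed example)."""
import base64, hashlib, hmac, secrets, time, urllib.parse

def pct(s):
    """RFC 3986 percent-encoding as OAuth 1.0 requires (only unreserved characters kept)."""
    return urllib.parse.quote(str(s), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the signature base string; url is assumed to carry no query string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items() if k != "oauth_signature")
    base = "&".join([method.upper(), pct(url), pct("&".join(f"{k}={v}" for k, v in pairs))])
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), hashlib.sha1).digest()).decode()

def oauth_params(consumer_key, **extra):
    """Consumer side: the standard oauth_* parameters for one request, with a fresh nonce."""
    p = {"oauth_consumer_key": consumer_key, "oauth_signature_method": "HMAC-SHA1",
         "oauth_timestamp": str(int(time.time())), "oauth_nonce": secrets.token_hex(8),
         "oauth_version": "1.0"}
    p.update(extra)
    return p

def signed(method, url, params, consumer_secret, token_secret=""):
    """Consumer side: attach oauth_signature to a parameter set."""
    p = dict(params)
    p["oauth_signature"] = sign(method, url, p, consumer_secret, token_secret)
    return p

class OAuthServer:
    """Server side: consumer registry, token stores and request validation (hypothetical class)."""
    def __init__(self):
        self.consumers = {}       # consumer_key -> consumer_secret  (step: allowing registration)
        self.request_tokens = {}  # token -> record                  (step: generating a request token)
        self.access_tokens = {}   # token -> record                  (step: exchanging for an access token)
        self.seen_nonces = set()  # (consumer_key, nonce) already accepted, for replay detection

    def register_consumer(self):
        key, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.consumers[key] = secret
        return key, secret

    def _verify(self, method, url, params, token_secret=""):
        """Step: validating a request. Raises PermissionError on any failure."""
        consumer_secret = self.consumers.get(params.get("oauth_consumer_key"))
        if consumer_secret is None or params.get("oauth_signature_method") != "HMAC-SHA1":
            raise PermissionError("unknown consumer or unsupported signature method")
        if abs(time.time() - int(params.get("oauth_timestamp", "0"))) > 300:
            raise PermissionError("timestamp outside the accepted window")
        expected = sign(method, url, params, consumer_secret, token_secret)
        if not hmac.compare_digest(expected, params.get("oauth_signature", "")):
            raise PermissionError("signature mismatch")
        nonce = (params["oauth_consumer_key"], params.get("oauth_nonce", ""))
        if nonce in self.seen_nonces:
            raise PermissionError("nonce replayed")
        self.seen_nonces.add(nonce)

    def request_token(self, method, url, params):
        self._verify(method, url, params)
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.request_tokens[token] = {"secret": secret, "consumer": params["oauth_consumer_key"],
                                      "callback": params["oauth_callback"], "verifier": None, "user": None}
        return {"oauth_token": token, "oauth_token_secret": secret, "oauth_callback_confirmed": "true"}

    def authorize(self, token, user):
        """The user logs in and approves: bind the token to the user, issue a verifier, redirect."""
        rec = self.request_tokens[token]
        rec["verifier"], rec["user"] = secrets.token_hex(6), user
        return f"{rec['callback']}?oauth_token={pct(token)}&oauth_verifier={pct(rec['verifier'])}"

    def access_token(self, method, url, params):
        rec = self.request_tokens.get(params.get("oauth_token"))
        if rec is None or rec["consumer"] != params.get("oauth_consumer_key"):
            raise PermissionError("unknown request token")
        if rec["user"] is None or not hmac.compare_digest(rec["verifier"], params.get("oauth_verifier", "")):
            raise PermissionError("request token not authorized or wrong verifier")
        self._verify(method, url, params, rec["secret"])
        del self.request_tokens[params["oauth_token"]]  # request tokens are single use
        token, secret = secrets.token_hex(8), secrets.token_hex(16)
        self.access_tokens[token] = {"secret": secret, "consumer": rec["consumer"], "user": rec["user"]}
        return {"oauth_token": token, "oauth_token_secret": secret}

    def protected_resource(self, method, url, params):
        rec = self.access_tokens.get(params.get("oauth_token"))
        if rec is None or rec["consumer"] != params.get("oauth_consumer_key"):
            raise PermissionError("unknown access token")
        self._verify(method, url, params, rec["secret"])
        return {"user": rec["user"]}

def rejects(fn):
    try:
        fn()
    except PermissionError:
        return True
    return False

def run_flow(user="alice"):
    """Walk the flow end to end, then probe a replayed and a tampered request; return a summary."""
    base, cb = "https://api.example.test", "https://consumer.example.test/cb"  # constructed hosts
    server = OAuthServer()
    ckey, csecret = server.register_consumer()
    url = base + "/request_token"   # 1. consumer requests a request token
    rt = server.request_token("POST", url, signed("POST", url, oauth_params(ckey, oauth_callback=cb), csecret))
    redirect = server.authorize(rt["oauth_token"], user)   # 2-3. login page, redirect back with verifier
    q = dict(urllib.parse.parse_qsl(urllib.parse.urlsplit(redirect).query))
    url = base + "/access_token"    # 4. exchange the authorized request token for an access token
    at = server.access_token("POST", url, signed("POST", url, oauth_params(
        ckey, oauth_token=q["oauth_token"], oauth_verifier=q["oauth_verifier"]), csecret, rt["oauth_token_secret"]))
    url = base + "/me"              # 5. sign an API call with the access token
    call = signed("GET", url, oauth_params(ckey, oauth_token=at["oauth_token"]), csecret, at["oauth_token_secret"])
    resource = server.protected_resource("GET", url, call)
    replay_rejected = rejects(lambda: server.protected_resource("GET", url, call))   # same nonce again
    tampered = signed("GET", url, oauth_params(ckey, oauth_token=at["oauth_token"]), csecret, at["oauth_token_secret"])
    tampered["oauth_nonce"] = "changed-after-signing"   # any signed field altered in transit
    tamper_rejected = rejects(lambda: server.protected_resource("GET", url, tampered))
    return {"user": resource["user"], "replay_rejected": replay_rejected, "tamper_rejected": tamper_rejected}

if __name__ == "__main__":
    print(run_flow())
```

The validation step checks the signature before recording the nonce, so a forged request cannot burn nonces for a legitimate consumer, and request tokens are deleted on exchange so one authorization yields exactly one access token. In a real deployment the four dictionaries become the database tables from the first setup step, and the timestamp window and nonce store need an expiry policy.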