Unified Spec Notes    
  • Definitions
    • need to separately define two separate tokens
    • API Endpoint URLs -- needs improved definition
    • User should be capitalized consistently
    • remove callback URL
    • change to OAuth Protocol Parameters
  • Documentation and Registration
    • used to be setting up for OAuth
    • an additional sentence that explains consumer secret trustworthiness --> move to security considerations document
    • changed MUST NOT to SHOULD NOT...
    • removed last sentence containing "consumer type"
    • Endpoint URLs
      • scheme, host, port, path -- use fully qualified URLs, not method
      • add example from RFC
      • MUST contain OAuth Protocol Parameters
    • Service Providers
      • separating OAuth Endpoint URLs
      • Change SHOULD to MUST
    • Consumers
      • removed two paragraphs...
      • consumer developer MAY be required to provide additional info to SP
  • Parameters
    • change to OAuth Protocol Parameters
    • Parameter Encoding
      • added examples for the proper encoding code
      • operating in UTF8 space
      • url encoding
      • general consensus on this part!
    • Request Parameters
      • pluralize API Endpoint URL
      • soap, xml-rpc could have problems... use AUTH headers?
      • rename section to "sending request parameters"?
      • revise spec to cover post body being signed...
    • Response Parameters
      • adding example
      • doesn't handle xml-rpc case
      • everyone can split on equals and colon
      • add a version number to every request not replies...
      • change to URL encoding
    • Using HTTP Authorization Headers
      • Authorization Header
        • use SHA1
        • use alphanumerical
      • WWW-Authenticate Header
  • Authenticating with OAuth
    • Obtaining a Request Token
        1. Consumer Requests a Request Token
        2. Service Provider Issues an Unauthorized Request Token
        3. Consumer Directs the User to the Service Provider
        4. Service Provider Authenticates the User and Obtains Consent
        5. Service Provider Directs the User Back to the Consumer
        • Web-Based Consumers
        • Limited Consumers
    • Obtaining an Access Token
        1. Consumer Requests an Access Token
        2. Service Provider Grants an Access Token
  • Accessing Protected Resources
  • Signing API Requests
    • PLAINTEXT
    • HMAC-SHA1
      1. Normalize Service Provider Request Parameters
      2. Generate a Nonce and Timestamp
      3. Concatenate Parameters into a String
      4. Calculate HMAC value
      5. Set Signature Parameters
    • RSA-SHA1
      1. Build the Concatenated Request String
      2. Calculate RSA Signature Value
      3. Set Signature parameters
  • HTTP Response Codes
  • Appendix A – Protocol Example
      1. Documentation and Registration
      2. Obtaining a Request Token
      3. Requesting User Authorization
      4. Obtaining an Access Token
      5. Accessing Protected Resources
  • Appendix B – References