OAuth(4)Introduce the oauth1.0 protocol

OAuth(4)Introduce the oauth1.0 protocol

1. Steps of OAuth 1.0
1. client apply for the 'temporary credentials'
2. 'resource owner' verify 'temporary credentials'
3. 'client' request the 'token credentials' via 'temporary credentials'

client apply for the 'temporary credentials'
client send:
oauth_consumer_key
oauth_signature_method
oauth_timestamp(if signature_method is plaintext can ignore this.)
oauth_nonce     (if signature_method is plaintext can ignore this.)
oauth_version    (optional)
oauth_signature
oauth_callback    (if callback is not used, use oob instead, out-of-band)

server response:
oauth_token
oauth_token_secret
oauth_callback_confirmed

'resource owner' verify 'temporary credentials'
user login the
oauth_token=xxx
, the server will redirect back to
oauth_callback?oauth_token=xxx&oauth_verifier=xxx

'client' request the 'token credentials' via 'temporary credentials'
client send:
oauth_consumer_key
oauth_token
oauth_signature_method
oauth_timestamp            (if signature_method is plaintext can ignore this.)
oauth_nonce                  (if signature_method is plaintext can ignore this.)
oauth_version                 (optional)
oauth_signature
oauth_verifier

server response:
oauth_token                  token credentials id
oauth_token_secrect      token credentials secrect

After that, we can use oauth_token and oauth_token_secrect to visit all the resources.

references:
http://hueniverse.com/oauth/guide/
http://oauth.net/core/1.0/
http://hueniverse.com/oauth/guide/authentication/


http://hueniverse.com/2010/05/introducing-oauth-2-0/
http://tools.ietf.org/html/draft-ietf-oauth-v2-22

http://www.jiangmiao.org/blog/1382.html
http://www.seven2.com.cn/archives/789/
http://blog.csdn.net/hereweare2009/article/details/3968582
http://blog.apigee.com/detail/best_practices_for_oauth_2.0_vs._oauth_1.0_-_one_year_later/
http://blog.apigee.com/detail/oauth_differences/