XQuery/OAuth
Motivation
[edit | edit source]You want to login to a web service that support the OAuth protocol.
Background
[edit | edit source]OAuth is an open protocol to allow secure API authorization in a simple and standard method from desktop and web applications. Like OpenID, OAuth allows other web services to use your private data without giving out your passwords.
Terminology
[edit | edit source]Consumer Key - When you register as a developer with a OAuth service provider they will send you an API key to use with their service. This is typically about a 65 character string composed of digits and letter.
Service Provider - an organization like LinkedIn, Google, or Twitter that has some of your data protected behind a web service.
Token - a somewhat long string of computer-generated letters and numbers use in AOuth data exchanges. These strings hard to guess, and are paired with a secret key to protect the token from being used by unauthorized parties. OAuth defines two different types of tokens: a request token and access token.
Steps
[edit | edit source]We will perform this process in the following steps:
- Request a Token
- Sign
- etc.
Here is an example of the structure that contains OAuth information (from 28msec web site)
<oa:service-provider realm="example.com/oauth">
<oa:request-token>
<oa:url></oa:url>
<oa:http-method>GET</oa:http-method>
</oa:request-token>
<oa:user-authorization>
<oa:url></oa:url>
</oa:user-authorization>
<oa:access-token>
<oa:url></oa:url>
<oa:http-method>GET</oa:http-method>
</oa:access-token>
<oa:supported-signature-methods>
<oa:method>HMAC-SHA1</oa:method>
</oa:supported-signature-methods>
<oa:oauth-version>1.0</oa:oauth-version>
<oa:authentication>
<oa:consumer-key>your consumer key</oa:consumer-key>
<oa:consumer-key-secret>your consumer secret</oa:consumer-key-secret>
</oa:authentication>
</oa:service-provider>
References
[edit | edit source]- sample OAuth and Twitter XQuery modules from Joe Wicentowski
- Joe Wicentowski's excellent posting on how to use OAuth to access twitter using XQuery on eXist
- http://oauth.net/
- http://hueniverse.com/2007/10/beginners-guide-to-oauth-part-ii-protocol-workflow/
- http://sausalito.28msec.com/latest/index.php?id=working_with_oauth
- Examples of XML definitions for service Provider Structures
- MarkLogic Facebook OAuth module
- Norm Walsh on OAuth
- OAuth for BaseX
- Google Developer's API