How to authenticate a RESTful web service using OAuth

I want to do authentication in a RESTful web service for every request. I became familiar with the OAuth features on the website. What should I store in the database, or does the token key or access key need to be checked using the database? I have a REST web app and an Android app to call a web service. Thus, the web service is used as a service provider, UserLogin is an application for users, and Android is the consumer, as described on the OAuth website. So, if the user request from Android is something like:

    GET /username/a.jpg HTTP/1.1
    Host: localhost:8080
    Authorization: OAuth realm="http://localhost/username/a.jpg",
        oauth_consumer_key="dpf43f3p2l4k3l03",
        oauth_token="nnch734d00sl2jdk",
        oauth_nonce="kllo9940pd9333jh",
        oauth_timestamp="1191242096",
        oauth_signature_method="HMAC-SHA1",
        oauth_version="1.0",
        oauth_signature="tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D"

But on the server side, which is a web service, how do I check with the database, or which key will be used for verification? Is it the signature?

1 answer

Read http://oauth.net/core/1.0/, in particular Appendix A.2 - A.4. It describes the “handshake” that occurs when a service does not gain access, then redirects the user to the authentication website, and then returns back to the callback URL.

As you asked: in A.4, yes, the service then verifies the signature and responds with the access token.

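A sketch of the server-side check for a signed request like the one in the question, added here as an example and not part of the original question or answer. The secrets, the in-memory dictionaries standing in for database tables, and the `MAX_SKEW` window are constructed assumptions; the function names are hypothetical.

```python
import base64, hashlib, hmac, time
from urllib.parse import quote

# Constructed stand-ins for the service provider's database tables.
CONSUMER_SECRETS = {"dpf43f3p2l4k3l03": "constructed-consumer-secret"}
TOKEN_SECRETS = {"nnch734d00sl2jdk": "constructed-token-secret"}
SEEN_NONCES = set()   # (consumer_key, timestamp, nonce) already accepted
MAX_SKEW = 300        # seconds of clock skew tolerated (assumed policy)

def enc(value):
    # OAuth 1.0 percent-encoding: only A-Z a-z 0-9 - . _ ~ stay literal.
    return quote(str(value), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    # Base string: METHOD & encoded URL (no query) & encoded sorted parameters.
    # params holds the decoded oauth_* values plus any query/body parameters.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items()
                   if k not in ("oauth_signature", "realm"))
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), enc(url), enc(normalized)])
    # The HMAC key is built from the two secrets, which never travel on the wire.
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def verify(method, url, params, now=None):
    """Return (ok, reason) for one request's decoded parameters."""
    now = time.time() if now is None else now
    consumer_secret = CONSUMER_SECRETS.get(params.get("oauth_consumer_key"))
    token_secret = TOKEN_SECRETS.get(params.get("oauth_token"))
    if consumer_secret is None or token_secret is None:
        return False, "unknown consumer key or token"
    if params.get("oauth_signature_method") != "HMAC-SHA1":
        return False, "unsupported signature method"
    try:
        ts = int(params["oauth_timestamp"])
    except (KeyError, ValueError):
        return False, "bad timestamp"
    if abs(now - ts) > MAX_SKEW:
        return False, "stale timestamp"
    expected = sign(method, url, params, consumer_secret, token_secret)
    # Constant-time comparison of the recomputed and presented signatures.
    if not hmac.compare_digest(expected, params.get("oauth_signature", "")):
        return False, "signature mismatch"
    replay_key = (params["oauth_consumer_key"], ts, params.get("oauth_nonce"))
    if replay_key in SEEN_NONCES:
        return False, "replayed nonce"
    SEEN_NONCES.add(replay_key)  # record only after the signature is valid
    return True, "ok"
```

The database stores the consumer secret and token secret keyed by `oauth_consumer_key` and `oauth_token`; the signature itself is never stored, it is recomputed from the request and compared.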

Source: https://habr.com/ru/post/888560/