in oauth1.0a following process exists
signatures play role verify request client , server.
request token
consumer secret used create signatures.
authorization process
exchanging temporary oauth token permanent oauth token
can explain processes exist in oauth2.0 , use of consumer secret key?
this link explains workflow in oauth 2.0 clearly. go through it.
in authorization code flow -
1. app calls oauth provider, opens authorization window user keys in credentials.
2. when user grants access, user's browser receives authorization code. authorization code passed client server.
3. now, while exchanging authorization code access token - client passes code along client_secret , client_id.
Comments
Post a Comment