How to authenticate restful web service using oAuth

13,032

Read up on http://oauth.net/core/1.0/ .. specifically Appendix A.2 through A.4. It describes the "handshake" that takes place when a service fails to get access, then redirects the user to the authentication website, then is returned back to the callback url.

As you asked, in A.4, yes, the service then examines the signature and replies with an access token.

Share:
13,032
sudo
Author by

sudo

Updated on June 04, 2022

Comments

  • sudo
    sudo over 1 year

    I want to do authentication in RESTful web service for every request. I have read scope about OAuth in website. What should I store in database or which token key or access key need to check with database? I have REST web serivce and android app to call web serivce. So, Web service is served as a Service Provider, UserLogin is user and Android application as a Consumer like describe in Oauth site. So, if user request from android like

    GET /username/a.jpg HTTP/1.1
    Host: localhost:8080
    Authorization: OAuth realm="http://localhost/username/a.jpg",
        oauth_consumer_key="dpf43f3p2l4k3l03",
        oauth_token="nnch734d00sl2jdk",
        oauth_nonce="kllo9940pd9333jh",
        oauth_timestamp="1191242096",
        oauth_signature_method="HMAC-SHA1",
        oauth_version="1.0",
        oauth_signature="tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D" 
    

    But from server side which is web service how to check with database or which key will be use to check? is it signature?