Single Sign On

From MPDLMediaWiki


OAuth

Introduction

OAuth is an open authorization delegation protocol. It allows users (User) to share private resources (photos, videos, contact lists, bank accounts) stored on one site (Service Provider) with another site (Consumer) without handing out their username and password. The OAuth delegated-access scenario is also known as the 3-legged scenario, because three parties (legs) are involved: Service Provider, Consumer, and User. OAuth can also be used for a direct-access scenario, known as the 2-legged scenario, in which one side simply authenticates to the other, for example a person logging in to a site with a username and password.

Example/Scenario

The User wants to print photos using an online print shop (the OAuth Consumer). The User logs in to the online print shop and says: „Import photos for printing from Flickr“. The User is redirected to Flickr (the OAuth Service Provider), has to log in there, and grants the online print shop access to his photos. This access is usually time-constrained (e.g. 1 hour). The User is then redirected back to the print shop and can choose, from all the pictures imported from Flickr, those to print, without ever sharing his Flickr credentials with the printing application.

Roles/Definitions

  • Service Provider – Website or web-service where the restricted resources are located (e.g. Flickr)
  • User – has account with Service Provider
  • Consumer – web or desktop application that uses OAuth to access the Service Provider on behalf of the User (e.g. online printing application)
  • Consumer Developer - An individual or organization that implements a Consumer.


  • Consumer Key - A value used by the Consumer to identify itself to the Service Provider.
  • Consumer Secret - A secret used by the Consumer to establish ownership of the Consumer Key.


  • Request Token - A value used by the Consumer to obtain authorization from the User, and exchanged for an Access Token.
  • Access Token - A value used by the Consumer to gain access to the Protected Resources on behalf of the User, instead of using the User's Service Provider credentials.
  • Token Secret - A secret used by the Consumer to establish ownership of a given Token.


  • OAuth Protocol Parameters - Parameters with names beginning with oauth_.


OAuth includes a Consumer Key and matching Consumer Secret that together authenticate the Consumer (as opposed to the User) to the Service Provider. Consumer-specific identification allows the Service Provider to vary access levels to Consumers (such as un-throttled access to resources).

Service Providers SHOULD NOT rely on the Consumer Secret as a method to verify the Consumer identity, unless the Consumer Secret is known to be inaccessible to anyone other than the Consumer and the Service Provider. The Consumer Secret MAY be an empty string (for example when no Consumer verification is needed, or when verification is achieved through other means such as RSA).

See OAuth Core 1.0.
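To show how the Consumer Key, Consumer Secret and Token Secret defined above are actually used on the wire, here is an added example (written for this page, not code from OAuth Core 1.0 or from any Service Provider) of HMAC-SHA1 request signing on the Consumer side and verification on the Service Provider side, following section 9 of the specification. All keys, secrets, the photo URL and the request parameters are constructed sample values; the URL is assumed to be already normalized and to carry no query string.

```python
import base64
import hashlib
import hmac
import urllib.parse

def percent_encode(value: str) -> str:
    # Section 5.1: only RFC 3986 unreserved characters stay unencoded.
    return urllib.parse.quote(value, safe="-._~")

def signature_base_string(method: str, url: str, params: dict) -> str:
    # Section 9.1: encode names and values, sort, join with '&', then join
    # method, base URL and that string, each percent-encoded once more.
    # Assumes url is normalized (lowercase scheme/host, no default port) and
    # carries no query string; the 'realm' header parameter is never included.
    pairs = sorted((percent_encode(k), percent_encode(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), percent_encode(url), percent_encode(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # Section 9.2: key = encoded Consumer Secret '&' encoded Token Secret.
    # Token Secret is empty while the Consumer is still obtaining a Request Token.
    key = f"{percent_encode(consumer_secret)}&{percent_encode(token_secret)}"
    base = signature_base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key.encode(), base, hashlib.sha1).digest()).decode()

def verify(method, url, params, consumer_secret, token_secret=""):
    # Service Provider side: recompute over every parameter except oauth_signature
    # (secrets come from its own store, keyed by oauth_consumer_key and oauth_token)
    # and compare in constant time so the expected value is not leaked by timing.
    unsigned = {k: v for k, v in params.items() if k != "oauth_signature"}
    expected = sign(method, url, unsigned, consumer_secret, token_secret)
    return hmac.compare_digest(expected, params.get("oauth_signature", ""))

# Constructed sample: the print shop (Consumer) fetching one photo for the User
# with an Access Token the User already granted at the photo site.
METHOD, URL = "GET", "https://photos.example.net/photos"
CONSUMER_SECRET, TOKEN_SECRET = "consumer-secret-example", "token-secret-example"
PARAMS = {
    "oauth_consumer_key": "consumer-key-example", "oauth_token": "token-example",
    "oauth_signature_method": "HMAC-SHA1", "oauth_timestamp": "1700000000",
    "oauth_nonce": "n0nc3abc", "oauth_version": "1.0",
    "file": "vacation.jpg", "size": "original",
}

def demo():
    """Sign the sample request, then verify it once intact and once tampered."""
    signed = dict(PARAMS, oauth_signature=sign(METHOD, URL, PARAMS, CONSUMER_SECRET, TOKEN_SECRET))
    intact = verify(METHOD, URL, signed, CONSUMER_SECRET, TOKEN_SECRET)
    tampered = verify(METHOD, URL, dict(signed, file="other.jpg"), CONSUMER_SECRET, TOKEN_SECRET)
    return intact, tampered  # (True, False)
```

A Service Provider must additionally reject reused oauth_nonce/oauth_timestamp pairs, since a correctly signed request can otherwise be replayed verbatim.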

How it works?

Software Package

Specification

Links

Shibboleth

Introduction

Example/Scenario

Roles

How it works?

Software Package

Specification

Links