Merge remote-tracking branch 'origin/gh-pages' into gh-pages
Showing 571 changed files with 16,356 additions and 14,175 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,197 @@ | ||
<!DOCTYPE html> | ||
<html prefix="og: http://ogp.me/ns#" lang="en"> | ||
<head> | ||
<title>Understanding OAuth 1.0: Access Token</title> | ||
<meta charset="utf-8"> | ||
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=1"> | ||
<link rel="canonical" href="https://www.passportjs.org/concepts/oauth/access-token/"> | ||
<link rel="manifest" href="/manifest.webmanifest"/> | ||
<meta name="theme-color" content="#35DF79"/> | ||
<link rel="shortcut icon" href="/images/favicon/favicon.ico"/> | ||
<link rel="icon" sizes="16x16" type="image/png" href="/images/favicon/favicon-16x16.png"/> | ||
<link rel="icon" sizes="32x32" type="image/png" href="/images/favicon/favicon-32x32.png"/> | ||
<link rel="icon" sizes="36x36" type="image/png" href="/images/favicon/android-icon-36x36.png"/> | ||
<link rel="icon" sizes="48x48" type="image/png" href="/images/favicon/android-icon-48x48.png"/> | ||
<link rel="icon" sizes="70x70" type="image/png" href="/images/favicon/ms-icon-70x70.png"/> | ||
<link rel="icon" sizes="72x72" type="image/png" href="/images/favicon/android-icon-72x72.png"/> | ||
<link rel="icon" sizes="96x96" type="image/png" href="/images/favicon/android-icon-96x96.png"/> | ||
<link rel="icon" sizes="144x144" type="image/png" href="/images/favicon/ms-icon-144x144.png"/> | ||
<link rel="icon" sizes="150x150" type="image/png" href="/images/favicon/ms-icon-150x150.png"/> | ||
<link rel="icon" sizes="192x192" type="image/png" href="/images/favicon/android-icon-192x192.png"/> | ||
<link rel="icon" sizes="310x310" type="image/png" href="/images/favicon/ms-icon-310x310.png"/> | ||
<link rel="apple-touch-icon" href="/images/favicon/apple-icon-57x57.png"/> | ||
<link rel="apple-touch-icon" sizes="60x60" href="/images/favicon/apple-icon-60x60.png"/> | ||
<link rel="apple-touch-icon" sizes="72x72" href="/images/favicon/apple-icon-72x72.png"/> | ||
<link rel="apple-touch-icon" sizes="76x76" href="/images/favicon/apple-icon-76x76.png"/> | ||
<link rel="apple-touch-icon" sizes="114x114" href="/images/favicon/apple-icon-114x114.png"/> | ||
<link rel="apple-touch-icon" sizes="120x120" href="/images/favicon/apple-icon-120x120.png"/> | ||
<link rel="apple-touch-icon" sizes="144x144" href="/images/favicon/apple-icon-144x144.png"/> | ||
<link rel="apple-touch-icon" sizes="152x152" href="/images/favicon/apple-icon-152x152.png"/> | ||
<link rel="apple-touch-icon" sizes="180x180" href="/images/favicon/apple-icon-180x180.png"/> | ||
<meta name="msapplication-config" content="/browserconfig.xml"/> | ||
<meta name="msapplication-TileColor" content="#35DF79"/> | ||
<meta name="msapplication-TileImage" content="/images/favicon/ms-icon-144x144.png"/> | ||
<meta property="og:type" content="website"/> | ||
<meta property="og:title" content="Understanding OAuth 1.0: Access Token"/> | ||
<meta property="og:url" content="https://www.passportjs.org/concepts/oauth/access-token/"/> | ||
<meta property="og:image" content="https://www.passportjs.org/images/facebook-card.png"/> | ||
<meta property="og:image:type" content="image/png"/> | ||
<meta property="og:image:width" content="1200"/> | ||
<meta property="og:image:height" content="630"/> | ||
<meta property="og:site_name" content="Passport.js"/> | ||
<meta name="twitter:card" content="summary_large_image"/> | ||
<meta name="twitter:site" content="@passportjs"/> | ||
<meta name="twitter:title" content="Understanding OAuth 1.0: Access Token"/> | ||
<meta name="twitter:image" content="https://www.passportjs.org/images/twitter-card.png"/> | ||
<meta name="flattr:id" content="d5znvd"/> | ||
<script> | ||
(function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ | ||
(i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), | ||
m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) | ||
})(window,document,'script','https://www.google-analytics.com/analytics.js','ga'); | ||
|
||
ga('create', 'UA-73332146-2', 'auto'); | ||
ga('send', 'pageview'); | ||
</script> | ||
<!--+google-tag-manager('GTM-M5S3PH')--> | ||
<!--link(type='text/css', rel='stylesheet', href='http://fast.fonts.net/cssapi/7527d73a-ebfe-45db-a201-ff2812df4b18.css')--> | ||
<link rel="stylesheet" href="//cdnjs.cloudflare.com/ajax/libs/highlight.js/8.5/styles/default.min.css"> | ||
<link rel="stylesheet" href="/assets/styles/all.css"> | ||
<script data-main="/script/main" src="//cdnjs.cloudflare.com/ajax/libs/require.js/2.3.5/require.js"></script> | ||
</head> | ||
<body> | ||
<div id="container"><span id="top"></span> | ||
<div id="toolbar"> | ||
<div class="toolbar-search"> | ||
<form action="/search"> | ||
<button type="submit"></button> | ||
<input type="text" name="q" placeholder="Search for Strategies"> | ||
</form> | ||
</div> | ||
<div class="toolbar-social"> | ||
<ul> | ||
<li class="facebook"><a href="https://www.facebook.com/passportjs" target="_blank"></a></li> | ||
<li class="twitter"><a href="https://twitter.com/passportjs" target="_blank"></a></li> | ||
<li class="github"><a href="https://github.com/jaredhanson/passport" target="_blank"><span class="count">0</span></a></li> | ||
</ul> | ||
</div> | ||
</div> | ||
<nav id="menu"><a class="menu-logo" href="/" title="Passport.js"></a> | ||
<div class="menu-trigger"><span></span></div> | ||
<div class="menu-items"> | ||
<ul> | ||
<li><a href="/">Home</a></li> | ||
<li><a href="/docs/">Documentation</a></li> | ||
<li><a href="/features/">Features</a></li> | ||
<li><a href="/packages/">Strategies</a></li> | ||
<li><a href="/sponsors/">Sponsors</a></li> | ||
</ul><script async type="text/javascript" src="//cdn.carbonads.com/carbon.js?zoneid=1673&serve=C6AILKT&placement=passportjsorg" id="_carbonads_js"></script> | ||
</div> | ||
</nav> | ||
<div id="content"> | ||
<div class="book" id="book"> | ||
<div class="toc"> | ||
<nav data-accordion-group=""> | ||
<div class="accordion" data-accordion=""> | ||
<h5 data-control=""><i class="icon-budicon-461"></i><a href="/concepts/oauth/"></a></h5> | ||
<ul data-content=""> | ||
<li><a href="/concepts/oauth/">Introduction</a></li> | ||
<li><a href="/concepts/oauth/terminology/">Terminology</a></li> | ||
<li><a href="/concepts/oauth/authorization/">Authorization</a></li> | ||
<li><a href="/concepts/oauth/request-token/">Request Token</a></li> | ||
<li><a class="active" href="/concepts/oauth/access-token/">Access Token</a></li> | ||
<li><a href="/concepts/oauth/profile/">Profile</a></li> | ||
<li><a href="/concepts/oauth/authentication/">Authentication</a></li> | ||
</ul> | ||
</div> | ||
</nav> | ||
</div><a id="go-top" href="#top"><i class="icon-budicon-462"></i></a> | ||
<div class="contents"> | ||
<section class="chapter"><h1 id="obtain-access-token">Obtain Access Token</h1> | ||
<p>Once the user has granted access, the application can exchange the request token | ||
for an <em>access token</em>. To obtain a request token, the application makes | ||
a request to the service providers's <em>access token URL</em> (<code>/oauth/access_token</code>, | ||
in the case of Twitter):</p> | ||
<pre><code class="http"><span class="keyword">POST</span> <span class="string">/oauth/access_token</span> <span class="meta">HTTP/1.1</span> | ||
<span class="attribute">Host</span><span class="punctuation">: </span>api.twitter.com | ||
<span class="attribute">Authorization</span><span class="punctuation">: </span>OAuth oauth_consumer_key="cChZNFj6T5R0TigYB9yd1w", | ||
oauth_nonce="a9900fe68e2573b27a37f10fbad6a755", | ||
oauth_signature_method="HMAC-SHA1", | ||
oauth_timestamp="1318467427", | ||
oauth_token="NPcudxy0yU5T3tBzho7iCotZ3cnetKwcTIRlX0iwRl0", | ||
oauth_verifier="uw7NjWHT6OJ1MpJOXsHfNxoAhPKpgI8BlYDhxEjIBY", | ||
oauth_version="1.0", | ||
oauth_signature="39cipBtIOHEEnybAR4sATQTpl2I%3D" | ||
</code></pre> | ||
<p>The parameters for this request are conveyed in the <code>Authorization</code> header. | ||
Let's examine them.</p> | ||
<ul> | ||
<li><p><code>oauth_consumer_key</code>: Identifies the application to the service provider. | ||
This is assigned when registering the application with Twitter.</p> | ||
</li> | ||
<li><p><code>oauth_nonce</code>: A random string uniquely generated by Passport for each | ||
request, used to help prevent replay attacks.</p> | ||
</li> | ||
<li><p><code>oauth_signature_method</code>: The signature method used to sign the request.</p> | ||
</li> | ||
<li><p><code>oauth_timestamp</code>: The number of seconds since January 1, 1970 00:00:00 GMT.</p> | ||
</li> | ||
<li><p><code>oauth_token</code>: The request token obtained previously which the user has now | ||
either authorized or denied.</p> | ||
</li> | ||
<li><p><code>oauth_verifier</code>: The verification code received previously as a parameter | ||
when the service provider redirected the user back to the application's | ||
callback URL.</p> | ||
</li> | ||
<li><p><code>oauth_version</code>: The version of OAuth used to authorize the request, set to | ||
"1.0".</p> | ||
</li> | ||
<li><p><code>oauth_signature</code>: A cryptographic signature used to authenticate the | ||
request. Passport computes this automatically using the application's | ||
consumer secret and the request token secret.</p> | ||
</li> | ||
</ul> | ||
<p>When Twitter receives this request, it authenticates the application by | ||
verifying that the signature was produced by the corresponding consumer key and | ||
secret along with the request token secret. It then verifies that the request | ||
token is valid and was issued to the authenticated application. Finally, it | ||
verifies that verification code is valid.</p> | ||
<p>If the request is valid and authorized, Twitter issues an access token:</p> | ||
<pre><code class="http"><span class="meta">HTTP/1.1</span> <span class="number">200</span> OK | ||
<span class="attribute">Content-Type</span><span class="punctuation">: </span>application/x-www-form-urlencoded | ||
|
||
<span class="language-ini"><span class="attr">oauth_token</span>=<span class="number">7588892</span>-kagSNqWge8gB1WwE3plnFsJHAZVfxWD7Vb57p0b4& | ||
<span class="attr">oauth_token_secret</span>=PbKfYqSryyeKDWz4ebtY3o5ogNLG11WJuZBc9fQrQo</span> | ||
</code></pre> | ||
<p>Let's examine the parameters in this response.</p> | ||
<ul> | ||
<li><p><code>oauth_token</code>: An access token.</p> | ||
</li> | ||
<li><p><code>oauth_token_secret</code>: A shared secret used to cryptographically demonstrate | ||
ownership of the access token when accessing protected resources.</p> | ||
</li> | ||
</ul> | ||
<p>Now that the application has obtained an access token, it can <a href="../profile/">access the user | ||
profile</a>.</p> | ||
</section> | ||
</div> | ||
</div> | ||
</div> | ||
</div> | ||
<div class="search-con"> | ||
<div class="head"><span class="close-ico"></span> | ||
<div class="hold"> | ||
<h2>SEARCH FOR STRATEGIES</h2> | ||
<form action="/"> | ||
<input value="" type="text" name="strategy" placeholder="Start typing" autocomplete="off"> | ||
</form> | ||
<p class="info-line"><span>0</span>STRATEGIES</p> | ||
</div> | ||
</div> | ||
<div class="results"> | ||
<section></section> | ||
</div> | ||
</div> | ||
<!--+google-tag-manager-noscript('GTM-M5S3PH')--> | ||
</body> | ||
</html> |
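Review bot: The first paragraph under the "Obtain Access Token" heading describes the wrong token: "To obtain a request token, the application makes a request to the service providers's access token URL" should read "To obtain an access token", since this step exchanges the request token for an access token, and "providers's" should be "provider's". The last sentence of the paragraph beginning "When Twitter receives this request" is also missing an article ("verifies that the verification code is valid"). In the head, the highlight.js stylesheet and require.js are pulled from cdnjs.cloudflare.com through protocol-relative URLs with no integrity or crossorigin attributes, so a changed CDN response would run in the page unchecked; use explicit https:// URLs and add Subresource Integrity hashes. The same review applies to the carbon.js ad script in the menu. The three toolbar-social links use target="_blank" without rel="noopener". Finally, please confirm that the oauth_consumer_key, oauth_token and oauth_token_secret values in the two HTTP examples are documentation samples and not live credentials.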