XQuery/OAuth

Motivation

You want to login to a web service that support the OAuth protocol.

Background

OAuth is an open protocol to allow secure API authorization in a simple and standard method from desktop and web applications. Like OpenID, OAuth allows other web services to use your private data without giving out your passwords.

Terminology

Consumer Key - When you register as a developer with a OAuth service provider they will send you an API key to use with their service. This is typically about a 65 character string composed of digits and letter.

Service Provider - an organization like LinkedIn, Google, or Twitter that has some of your data protected behind a web service.

Token - a somewhat long string of computer-generated letters and numbers use in AOuth data exchanges. These strings hard to guess, and are paired with a secret key to protect the token from being used by unauthorized parties. OAuth defines two different types of tokens: a request token and access token.

Steps

We will perform this process in the following steps:

Request a Token
Sign
etc.

Here is an example of the structure that contains OAuth information (from 28msec web site)

<oa:service-provider realm="example.com/oauth">  <oa:request-token> <oa:url></oa:url> <oa:http-method>GET</oa:http-method> </oa:request-token> <oa:user-authorization> <oa:url></oa:url> </oa:user-authorization> <oa:access-token> <oa:url></oa:url> <oa:http-method>GET</oa:http-method> </oa:access-token> <oa:supported-signature-methods> <oa:method>HMAC-SHA1</oa:method> </oa:supported-signature-methods>  <oa:oauth-version>1.0</oa:oauth-version> <oa:authentication> <oa:consumer-key>your consumer key</oa:consumer-key> <oa:consumer-key-secret>your consumer secret</oa:consumer-key-secret> </oa:authentication> </oa:service-provider>

References