首頁 探索 說明
登入
boarspring
/
repo_zf1Php7
派生自 boarspring/repo_zf1
2
0
複刻 0
Files
目錄樹: 3e9b26c748
分支列表 標籤列表
repo_zf1Php7
/
documentation
/
manual
/
en
/
module_specs
/
Zend_Oauth-ProtocolWorkflow.xml

Zend_Oauth-ProtocolWorkflow.xml 4.5 KB
文件歷史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. <?xml version="1.0" encoding="UTF-8"?>
    2. 

  2. <!-- Reviewed: no -->
    3. 

  3. <sect2 id="zend.oauth.introduction.protocol-workflow">
    4. 

  4.     <title>Protocol Workflow</title>
    5. 

  5. 

  6.     <para>
    7. 

  7.         Before implementing OAuth it makes sense to understand how the protocol operates. To do so
    8. 

  8.         we'll take the example of Twitter which currently implements OAuth based on the OAuth Core
    9. 

  9.         1.0 Revision A Specification. This example looks at the protocol from the perspectives of
    10. 

  10.         the User (who will approve access), the Consumer (who is seeking access) and the Provider
    11. 

  11.         (who holds the User's private data). Access may be read-only or read and write.
    12. 

  12.     </para>
    13. 

  13. 

  14.     <para>
    15. 

  15.         By chance, our User has decided that they want to utilise a new service called TweetExpress
    16. 

  16.         which claims to be capable of reposting your blog posts to Twitter in a manner of seconds.
    17. 

  17.         TweetExpress is a registered application on Twitter meaning that it has access to a Consumer
    18. 

  18.         Key and a Consumer Secret (all OAuth applications must have these from the Provider they
    19. 

  19.         will be accessing) which identify its requests to Twitter and that ensure all requests can
    20. 

  20.         be signed using the Consumer Secret to verify their origin.
    21. 

  21.     </para>
    22. 

  22. 

  23.     <para>
    24. 

  24.         To use TweetExpress you are asked to register for a new account, and after your registration
    25. 

  25.         is confirmed you are informed that TweetExpress will seek to associate your Twitter account
    26. 

  26.         with the service.
    27. 

  27.     </para>
    28. 

  28. 

  29.     <para>
    30. 

  30.         In the meantime TweetExpress has been busy. Before gaining your approval from Twitter, it
    31. 

  31.         has sent a <acronym>HTTP</acronym> request to Twitter's service asking for a new
    32. 

  32.         unauthorized Request Token. This token is not User specific from Twitter's perspective, but
    33. 

  33.         TweetExpress may use it specifically for the current User and should associate it with their
    34. 

  34.         account and store it for future use. TweetExpress now redirects the User to Twitter so they
    35. 

  35.         can approve TweetExpress' access. The URL for this redirect will be signed using
    36. 

  36.         TweetExpress' Consumer Secret and it will contain the unauthorized Request Token as a
    37. 

  37.         parameter.
    38. 

  38.     </para>
    39. 

  39. 

  40.     <para>
    41. 

  41.         At this point the User may be asked to log into Twitter and will now be faced with a Twitter
    42. 

  42.         screen asking if they approve this request by TweetExpress to access Twitter's
    43. 

  43.         <acronym>API</acronym> on the User's behalf. Twitter will record the response which we'll
    44. 

  44.         assume was positive. Based on the User's approval, Twitter will record the current
    45. 

  45.         unauthorized Request Token as having been approved by the User (thus making it User
    46. 

  46.         specific) and will generate a new value in the form of a verification code. The User is now
    47. 

  47.         redirected back to a specific callback URL used by TweetExpress (this callback URL may be
    48. 

  48.         registered with Twitter or dynamically set using an oauth_callback parameter in requests).
    49. 

  49.         The redirect URL will contain the newly generated verification code.
    50. 

  50.     </para>
    51. 

  51. 

  52.     <para>
    53. 

  53.         TweetExpress' callback URL will trigger an examination of the response to determine whether
    54. 

  54.         the User has granted their approval to Twitter. Assuming so, it may now exchange it's
    55. 

  55.         unauthorized Request Token for a fully authorized Access Token by sending a request back to
    56. 

  56.         Twitter including the Request Token and the received verification code. Twitter should now
    57. 

  57.         send back a response containing this Access Token which must be used in all requests used to
    58. 

  58.         access Twitter's <acronym>API</acronym> on behalf of the User. Twitter will only do this
    59. 

  59.         once they have confirmed the attached Request Token has not already been used to retrieve
    60. 

  60.         another Access Token. At this point, TweetExpress may confirm the receipt of the approval to
    61. 

  61.         the User and delete the original Request Token which is no longer needed.
    62. 

  62.     </para>
    63. 

  63. 

  64.     <para>
    65. 

  65.         From this point forward, TweetExpress may use Twitter's <acronym>API</acronym> to post new
    66. 

  66.         tweets on the User's behalf simply by accessing the <acronym>API</acronym> endpoints with a
    67. 

  67.         request that has been digitally signed (via HMAC-SHA1) with a combination of TweetExpress'
    68. 

  68.         Consumer Secret and the Access Key being used.
    69. 

  69.     </para>
    70. 

  70. 

  71.     <para>
    72. 

  72.         Although Twitter do not currently expire Access Tokens, the User is free to deauthorize
    73. 

  73.         TweetExpress from their Twitter account settings. Once deauthorized, TweetExpress' access
    74. 

  74.         will be cut off and their Access Token rendered invalid.
    75. 

  75.     </para>
    76. 

  76. </sect2>
    77.