OAuth for Web Services

From WebOS101

Jump to: navigation, search

Web services such as Google, Yahoo and Twitter have begun using OAuth [[1]] authentication, which is a token based scheme that prevents applications from having direct credential access. The downside is that the creation and signing of requests is complicated and messy. Fortunately for you, there is the begining of an OAuth library for WebOS. Please browse and checkout the source:

http://github.com/jfelectron/OAuth-for-WebOS


The upside of OAuth is that most providers do not expire their tokens once authorized so you needn't bother your users again after the initial login. There is an example scene and view to get your started using the library in your own apps.


There is another project which uses another oauth.js library. http://github.com/fillito/WebOS-OAuth

OAuth Signatures

You need to generate and send a signature with each request involving OAuth. Typically, the signature is an encrypted string created with the consumer secret or both the consumer secret and token secret. The base string to encrypt follows this format:

HTTP method&URL&ALL URL parameters

Example base string
GET&http%3A%2F%2Foauth.example.com%2FgetSomeData.php&oauth_consumer_key%3Dnotarealkey%26oauth_nonce%3DzLzRQDDrdTDZvGsTwnz0nM7AZGJWht2X%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1278355416%26oauth_token%3D5notarealtoken

Once you have generated the signature, you then add it as another parameter (oauth_signature) to the request before sending it.

Retrieved from "http://www.webos101.com/OAuth_for_Web_Services"
Personal tools