Info | Client/Consumer | Server/Service Provider (SP) |
use-case | Client wants to make requests to SP on behalf of a user without knowing his/her password at SP. | |
one-time admin preparation step 1 | | generate/choose consumer key+secret |
one-time admin preparation step 2 | set consumer key+secret | |
one-time user preparation step 3 | Initiate a request to SP to obtain a Request Token. - This redirect the user to the SP, where the user will need to log-in (if he is not already) and then authorize access for the consumer. In turn the SP will exchange the request-token with an access token. | |
internal | save access-token for current local user | save access-token for authenticated user |
repeatedly | sign any request with consumer key+secret and access token+secret | |