Interaction flow for DokuWiki OAuth

Work in progress
Info | Client/Consumer | Server/Service Provider (SP)
use-case | Client wants to make requests to SP on behalf of a user without knowing his/her password at SP.
one-time admin preparation step 1 | generate/choose consumer key+secret
one-time admin preparation step 2 | set consumer key+secret
one-time user preparation step 3 | Initiate a request to SP to obtain a Request Token. This redirects the user to the SP, where the user needs to log in (if not already logged in) and then authorize access for the consumer. In turn, the SP exchanges the request token for an access token.
internal | save access-token for current local user | save access-token for authenticated user
repeatedly | sign any request with consumer key+secret and access token+secret
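
The "repeatedly" step, as an added example (not code from the DokuWiki OAuth plugin): the client signs a request with the consumer secret and the access-token secret, and the SP recomputes the signature from the secrets it stored. It assumes OAuth 1.0 HMAC-SHA1 signing as defined in RFC 5849, which the page does not specify; the credentials, URL and function names are constructed for illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample credentials and endpoint (assumptions, not values from the page)
CONSUMER_KEY, CONSUMER_SECRET = "example-consumer", "consumer-secret"
ACCESS_TOKEN, ACCESS_SECRET = "example-token", "token-secret"
URL = "https://wiki.example.org/api"

def pct(value):
    # RFC 5849 percent-encoding: only unreserved characters stay literal
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # url is assumed to be already normalized and without a query string;
    # params is a dict, so repeated parameter names are not handled here
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # The HMAC key joins both secrets; the token secret is empty until a token exists
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def client_request(query):
    # Client side: attach the OAuth parameters, then sign with both key pairs.
    # Timestamp and nonce are fixed for a repeatable demo; real ones are fresh per request.
    params = dict(query, oauth_consumer_key=CONSUMER_KEY, oauth_token=ACCESS_TOKEN,
                  oauth_signature_method="HMAC-SHA1", oauth_version="1.0",
                  oauth_timestamp="1324130460", oauth_nonce="constructed-nonce")
    params["oauth_signature"] = sign("GET", URL, params, CONSUMER_SECRET, ACCESS_SECRET)
    return params

def sp_verify(method, url, params, consumer_secret, token_secret):
    # SP side: recompute from the secrets it stored and compare in constant time
    received = dict(params)
    claimed = received.pop("oauth_signature", "")
    expected = sign(method, url, received, consumer_secret, token_secret)
    return hmac.compare_digest(expected.encode(), claimed.encode())

if __name__ == "__main__":
    request = client_request({"page": "start"})
    print("accepted:", sp_verify("GET", URL, request, CONSUMER_SECRET, ACCESS_SECRET))
    request["page"] = "sidebar"  # parameter changed after signing
    print("tampered:", sp_verify("GET", URL, request, CONSUMER_SECRET, ACCESS_SECRET))
```

Because the signature covers the method, URL and every parameter, the SP rejects a request whose parameters changed after signing or whose sender lacks either secret.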
 
wiki/dokuoauth_flow.txt · Last modified: 17.12.2011 14:01 by rgareus