Last time I looked at Oauth I was simply looking at the steps involved with it, today I am doing a small POC. I will be using twitter as my identity provider.
I found a basic OAuth utility to get me on my way. It can be downloaded here. Below is a basic representation of the components involved with OAuth and the pattern.
- First go and register your web application with twitter.
It has to be reachable over the internet.
You can not use localhost but you can use 127.0.0.1
You will receive your customer key and secret – store this somewhere.
- Using the downloaded utility do a request to receive back a request token.
OAuth.Manager OAuthMan = new OAuth.Manager(); OAuthMan["consumer_key"] = "MyKey"; OAuthMan["consumer_secret"] = "MySecret";OAuth.OAuthResponse response = OAuthMan.AcquireRequestToken();
- Next you need to do a request to the identity provider and pass the request token.
Response.Redirect("https://api.twitter.com/oauth/authenticate?oauth_token=" + OAuthMan["token"]);
- The website will require the user to log into the identity provider using his credentials.
- Once authenticated the website will require the identity to authorize the application to access its profile.
- The identity provider will give a pin as a result which must then need to be fed manually into the requesting application by.
I still don’t like this disjointed authorization. This relies on the customer copying and pasting this pin between 2 applications.
- Once the pin has been received the application can request access to the profile. The result is a access token.
OAuth.OAuthResponse accessTokenResponse = OAuthMan.AcquireAccessToken(pin);
Congratulations you are now connected to the identity provider and have been granted access to access the identity information. Retrieving the information of the logged in Identity is a separate topic and different for each Identity Provider.