Authenticating with OAuth

By | April 14, 2017

Last time I looked at OAuth, I was simply looking at the steps involved with it; today I am doing a small POC. I will be using Twitter as my identity provider.

I found a basic OAuth utility to get me on my way. It can be downloaded here. Below is a basic representation of the components involved with OAuth and the pattern.

 

  1. First, register your web application with Twitter.
    It has to be reachable over the internet.
    You cannot use localhost, but you can use 127.0.0.1.
    You will receive your consumer key and secret – store these somewhere.
  2. Using the downloaded utility, make a request to obtain a request token.
    OAuth.Manager OAuthMan = new OAuth.Manager();
    OAuthMan["consumer_key"] = "MyKey";
    OAuthMan["consumer_secret"] = "MySecret";
    OAuth.OAuthResponse response = OAuthMan.AcquireRequestToken();
    
  3. Next, redirect the user to the identity provider, passing the request token.
    Response.Redirect("https://api.twitter.com/oauth/authenticate?oauth_token=" + OAuthMan["token"]);
    
  4. The website will require the user to log into the identity provider using his credentials.
  5. Once authenticated, the website will require the identity to authorize the application to access its profile.
  6. The identity provider will give a PIN as a result, which must then be fed manually into the requesting application.

    I still don’t like this disjointed authorization. This relies on the customer copying and pasting this pin between 2 applications.

  7. Once the PIN has been received, the application can request access to the profile. The result is an access token.
    OAuth.OAuthResponse accessTokenResponse = OAuthMan.AcquireAccessToken(pin);
    

Congratulations, you are now connected to the identity provider and have been granted access to the identity information. Retrieving the information of the logged-in identity is a separate topic and differs for each identity provider.
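What a request-token call like the one in step 2 has to put on the wire under OAuth 1.0a (RFC 5849), as an added example; this is not the downloaded utility's code or anything from the original post. The class and method names and the `request_token` endpoint URL are assumptions, `oob` is the RFC's out-of-band callback value that goes with a PIN flow, and `MyKey`/`MySecret` are the post's placeholders.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

static class RequestTokenSigning   // hypothetical name, for illustration only
{
    // RFC 5849 section 3.6: percent-encode every byte except A-Z a-z 0-9 - . _ ~
    static string Enc(string s)
    {
        const string unreserved = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-._~";
        var sb = new StringBuilder();
        foreach (byte b in Encoding.UTF8.GetBytes(s))
            sb.Append(unreserved.IndexOf((char)b) >= 0 ? ((char)b).ToString() : "%" + b.ToString("X2"));
        return sb.ToString();
    }

    // HMAC-SHA1 over "METHOD&url&params". The key is "consumerSecret&tokenSecret",
    // so the consumer secret is only ever used as a key and is never transmitted.
    static string Sign(string method, string url, IDictionary<string, string> p,
                       string consumerSecret, string tokenSecret)
    {
        // Encode first, then sort bytewise by name (and by value on ties).
        var pairs = p.Select(kv => new { K = Enc(kv.Key), V = Enc(kv.Value) })
                     .OrderBy(x => x.K, StringComparer.Ordinal).ThenBy(x => x.V, StringComparer.Ordinal)
                     .Select(x => x.K + "=" + x.V);
        string baseString = method.ToUpperInvariant() + "&" + Enc(url) + "&" + Enc(string.Join("&", pairs));
        string key = Enc(consumerSecret) + "&" + Enc(tokenSecret);
        using (var hmac = new HMACSHA1(Encoding.ASCII.GetBytes(key)))
            return Convert.ToBase64String(hmac.ComputeHash(Encoding.ASCII.GetBytes(baseString)));
    }

    static void Main()
    {
        var nonce = new byte[16];   // fresh random nonce per request (replay protection)
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        var p = new Dictionary<string, string>
        {
            ["oauth_callback"] = "oob",             // out-of-band: the provider shows a PIN
            ["oauth_consumer_key"] = "MyKey",       // placeholder from the post
            ["oauth_nonce"] = BitConverter.ToString(nonce).Replace("-", ""),
            ["oauth_signature_method"] = "HMAC-SHA1",
            ["oauth_timestamp"] = DateTimeOffset.UtcNow.ToUnixTimeSeconds().ToString(),
            ["oauth_version"] = "1.0"
        };
        // Assumed endpoint. No token secret exists yet, so that half of the key is empty.
        p["oauth_signature"] = Sign("POST", "https://api.twitter.com/oauth/request_token", p, "MySecret", "");
        Console.WriteLine("Authorization: OAuth " +
            string.Join(", ", p.Select(kv => Enc(kv.Key) + "=\"" + Enc(kv.Value) + "\"")));
    }
}
```

The program only prints the `Authorization` header and makes no network call. In step 7 the same signing applies, with the request token's secret as the second half of the key and the PIN sent as `oauth_verifier`.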


About Wayne Clifford Barker

I am a husband, father, blogger, gardener, fish keeper and cyclist. In my professional capacity I am the solution architect and technical lead for Assima Core Team. My team and I are responsible for all the infrastructure and cross-cutting concerns of the product: security, diagnostic and auditing. We are also responsible for scaling, deployment, hosting, performance testing and load testing. It is difficult to put me in a box and say “This is what I can do as a person”; as technology and requirements change every year, my skills change. In the end I help engineer sustainable business solutions.
