Introduction
OAuth 1.0 authentication is used as a standard protocol for HTTP authorization. It grants access to applications securely and is supported by Alumio for making HTTP connections.
The OAuth protocol enables websites or applications (Consumers) to access Protected Resources from a web service (Service Provider) via an API, without requiring Users to disclose their Service Provider credentials to the Consumers. More generally, OAuth creates a freely-implementable and generic methodology for API authentication.
An example use case is allowing printing service printer.example.com (the Consumer), to access private photos stored on photos.example.net (the Service Provider) without requiring Users to provide their photos.example.net credentials to printer.example.com.
OAuth does not require a specific user interface or interaction pattern, nor does it specify how Service Providers authenticate Users, making the protocol ideally suited for cases where authentication credentials are unavailable to the Consumer, such as with OpenID.
OAuth aims to unify the experience and implementation of delegated web service authentication into a single, community-driven protocol. OAuth builds on existing protocols and best practices that have been independently implemented by various websites. An open standard, supported by large and small providers alike, promotes a consistent and trusted experience for both application developers and the users of those applications.
Alumio supports interactive authorization for OAuth 1.0.
OAuth uses Tokens generated by the Service Provider instead of the User’s credentials in Protected Resources requests.
OAuth Authentication is done in three steps:
- The Consumer obtains an unauthorized Request Token.
- The User authorizes the Request Token.
- The Consumer exchanges the Request Token for an Access Token.
Guide
Step 1: Go to HTTP authentications > Create a new HTTP authentication.
Step 2: Select “OAuth1 authentication” from the list of Settings.
Step 3: Fill in fields such as “Consumer key”, “Consumer secret”, “Request URL”, “Authorize URL”, “Token/Credentials URL” and “Callback URL”.
Step 4: Select the signature method to use:
- HMAC-SHA1;
- HMAC-SHA256.
Step 5: Select where the authorization data should be sent:
- Request headers;
- Request URL.
Step 6: Select a Client in the list.
Step 7: Click “Retrieve an access key” to get the key.
Step 8: Save the configuration.
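To show what the choices in Step 4 and Step 5 mean on the wire, the following added example (not Alumio's code) signs a Request Token request as described in RFC 5849 and renders it both as a request header and as a request URL. The URL, keys, nonce and timestamp are constructed sample values, and the helper names are assumptions made for this illustration.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlencode

# Step 4 choices. HMAC-SHA256 is an extension reusing the RFC 5849 HMAC-SHA1 construction.
DIGESTS = {"HMAC-SHA1": hashlib.sha1, "HMAC-SHA256": hashlib.sha256}
# Constructed sample values; none of these belong to a real account.
REQUEST_URL = "https://photos.example.net/request_token"
PARAMS = {
    "oauth_consumer_key": "example-consumer-key",
    "oauth_nonce": "constructed-nonce-0001",
    "oauth_timestamp": "1700000000",
    "oauth_version": "1.0",
    "oauth_callback": "https://printer.example.com/callback",
}

def enc(value):
    # RFC 5849 section 3.6: only unreserved characters stay unescaped.
    return quote(str(value), safe="-._~")

def base_string(method, url, params):
    # Encode each name and value, sort, join, then encode the result again.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # The key is "consumer secret & token secret"; the token secret is
    # empty until the Service Provider has issued a Request Token.
    digest = DIGESTS[params["oauth_signature_method"]]
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), digest)
    return base64.b64encode(mac.digest()).decode()

def as_header(params, signature):
    # Step 5, "Request headers": value of the Authorization header.
    fields = sorted(dict(params, oauth_signature=signature).items())
    return "OAuth " + ", ".join(f'{enc(k)}="{enc(v)}"' for k, v in fields)

def as_url(url, params, signature):
    # Step 5, "Request URL": the same fields carried in the query string.
    fields = sorted(dict(params, oauth_signature=signature).items())
    return url + "?" + urlencode(fields, quote_via=quote, safe="-._~")

def demo(method_name, consumer_secret="example-consumer-secret"):
    params = dict(PARAMS, oauth_signature_method=method_name)
    sig = sign("POST", REQUEST_URL, params, consumer_secret)
    return sig, as_header(params, sig), as_url(REQUEST_URL, params, sig)

if __name__ == "__main__":
    for name in DIGESTS:
        print(name, *demo(name), sep="\n  ")
```

With “Request URL” selected, the signed parameters become part of the URL and can end up in proxy and server access logs, which is worth weighing when choosing between the two options.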