开发者

How to authenticate restful web service using oAuth

I want to do authentication in RESTful web service for every request. I have read scope about OAuth in website. What should I store in database or which token key or access key need to check with database? I have REST web serivce and android app to call web serivce. So, Web service is served as a Service Provider, UserLogin is user and Android application as a Consumer like describe in Oauth site. So, if user request from android like

GET /username/a.jpg HTTP/1.1
Host: localhost:8080
Authorization: OAuth realm="http://localhost/username/a.jpg",
    oauth_consumer_key="dpf43f3p2l4k3l03",
    oauth_token="nnch734d00sl2jdk",
    oauth_nonce="kllo9940pd开发者_Go百科9333jh",
    oauth_timestamp="1191242096",
    oauth_signature_method="HMAC-SHA1",
    oauth_version="1.0",
    oauth_signature="tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D" 

But from server side which is web service how to check with database or which key will be use to check? is it signature?


Read up on http://oauth.net/core/1.0/ .. specifically Appendix A.2 through A.4. It describes the "handshake" that takes place when a service fails to get access, then redirects the user to the authentication website, then is returned back to the callback url.

As you asked, in A.4, yes, the service then examines the signature and replies with an access token.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜