Hi, You can do the following:
Step 1: get the *(unauthorized) request token* from the service provider Step 2: build the url where the user is supposed to be redirected (*authorization url*). Step 3: give the user this url and ask him to go to this url using his browser, where he will be asked to log in if necessary and grant/deny you (consumer) access to his data. If he grants, he will be given the *authorized request token* by the service provider which he is supposed to give to you (consumer) (somehow). Step 4: user goes to a predetermined url (may be given by the consumer in step 3), from where he passes this *authorized request token *to the consumer Step 5: consumer then uses this token to exchange it for an *access token *and provide service using the *access token*. The protocol says that if there is no redirection involved in the second step (in which user grants access to his data) of OAuth, user should be explicitly asked to go to the *authorization url *(to be build and given by the consumer), user then grants/denies access, and if grants, the service provider is supposed to give the *authorized token *to the user, which is supposed to be given back to the consumer... the above steps is one example of how this can be done. This is the reason why *unauthorized request token *and *authorized request token *are smaller in length and simple to type so that user can manually provide it if needed such as in above case, unlike the *access token* which is generally very long. However, this is just a recommendation in the protocol. I have not actually implemented it, but I have studied the protocol fairly in detail and I believe this is how it can be done. In mobile applications also, similar approach can be taken. Hope, the explanation is clear and understandable. -Dipen Nouman Ashraf wrote: > Hi All, > I am going to implement OAuth protocol in my desktop application > (consumer) with a web service(service provider) but i am confused that > how service provider redirect user back to consumer with authenticated > request token. i.e. how can i get that authenticated request token and > come to know in a desktop application that the user get validated etc. > etc... > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
