The efficient way is for the consumer to store an access token and token secret. But if your consumer can't do this:
Develop a service provider that can authenticate the user without asking for input. A popular choice: the service provider stores cookies in the user's browser, which it can validate when the user returns. Use standard OAuth; however, during the authorization phase the service provider immediately redirects the browser back to the consumer, without asking for input from the user. Then the consumer will get an access token and proceed. The service provider might assign a single access token and token secret to each user/consumer pair, returning them repeatedly each time that consumer acts on behalf of that user. When asking for a request token, the consumer should not identify the user. Or at least that's not OAuth. On Jul 22, 1:58 pm, joaquindiez <[email protected]> wrote: > I am developing an Oauth Service Provider and I have the follow > situation: > > - the users only grant access to the Consumer the first time > > so the following times the Consumer want to access the information of > the user I do not need to ask again the user for permission, > > I undestand the steps the Consumer must follow are: > > 1.- Ask the Service Provider for an Request Token (in the request go > the id of the user I will get the info) > 2.- Service provicer return an oauth_token and oauth_secret (this > token should be alreafy authorized?) > 3.-If the answer to ther question before is no..then the Consumer > Should ask for and AccessToken..... > > Is this correct? --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
