Hi Melvin, yes, the Access Token is used to access the permissioned resource directly, but I would not say "just" access because this is the purpose of OAuth, right?!
The Provider has some resources (data, functionality etc.) exposed through webservice APIs, which are related to a particular user (e.g. contain this user's personal details). Every request that directly goes from the Consumer to the Provider - a server-to-server request in which the user's browser is not involved - carries an OAuth signature. This signature contains the Access Token so that the Provider can verify that the user has actually given his consent to share the data with the Consumer. Hope that helped! Regards, Lukas 2009/10/31 Melvin Carvalho <[email protected]> > > Hi All > > I hope this is not too much of a beginner question. > > I've been reading through the OAuth spec and I was wondering what the > role of the access token is. > > It seems to me after stage 6.2 http://oauth.net/core/1.0a#auth_step2 > > 1. The Service Provider has authorized the Consumer > 2. The Service Provider has verified the Consumer > > Why then does the consumer need an access token, rather than just > accessed the permissioned resource directly. > > Thanks > Melvin > > > > -- http://lukasrosenstock.net/ --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "OAuth" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/oauth?hl=en -~----------~----~----~----~------~----~------~--~---
