[oauth] Re: Details on OAuth Session Extension?

2009-11-01 Thread Paul Walker
Apparently the requirement for an empty oauth_token was added in the second draft of the OAuth Consumer Request Extension? What was the reasoning behind this? Is not the Request Token request not a Consumer resource? Does it not seem any different than any other resource meant to be addr

[oauth] Re: Question about Access Token

2009-11-01 Thread John Kristian
The access token indicates the user on whose behalf a consumer is acting, when the consumer sends a request to a service provider. (A single consumer may act on behalf of many users, concurrently.) Some service providers store information inside tokens. For example, an access token may contain t

[oauth] Re: Details on OAuth Session Extension?

2009-11-01 Thread Allen Tom
Hi Robert, This is actually a very good question. One possible approach would be for the Consumer to obtain a 2 legged Access Token by submitting its Consumer Key and Secret (or signature) to the SP's authentication service. The auth service will return a 2 legged access token (and access token

[oauth] Re: Question about Access Token

2009-11-01 Thread Lukas Rosenstock
Ok, sorry, I read your last sentence wrong so my first sentence doesn't make sense ... One more thing: Using an Access Token the Consumer can make any number of requests as long as that token is valid. 2009/11/2 Lukas Rosenstock > Hi Melvin, > > yes, the Access Token is used to access the permi

[oauth] Re: Question about Access Token

2009-11-01 Thread Lukas Rosenstock
Hi Melvin, yes, the Access Token is used to access the permissioned resource directly, but I would not say "just" access because this is the purpose of OAuth, right?! The Provider has some resources (data, functionality etc.) exposed through webservice APIs, which are related to a particular user