Search:  

Previous pageTechniques & KB Articles Next page
OAuth 

OAuth

OAuth is a protocol used by some third party websites (we'll use Twitter as an example for clarity) to allow other sites (by 'site' we mean one developed in this platform) to access their system on behalf of a user, say to post tweets.

External resources: www.oauth.net, OAuthW

Introduction

The traditional method, known as Basic Authentication, was for the user to give the site their Twitter username and password. However, whilst simple and easy, this gives the site total control over your Twitter account, which is undesirable, and is now no-longer available.

OAuth allows the user to give the site a 'token' which can be used to post Tweets under their name. However the token doesn't reveal the username and password, and can be revoked via the Twitter site at any time. The user stays in control.

To save the user from having to worry about typing in tokens, the OAuth protocol allows the sites to work together to prompt the user for their login details, with the token being carried around behind the scenes.

Registering as an Application - Consumer keys

OAuth introduces some new terminology: before users can start creating tokens, the site has to register with Twitter as an Application, and is given some Consumer keys. These are added to the site as an entry in the 'OAuth Consumer' component. A site might hold several Consumer keys, for different services – Twitter, Facebook, and so on. The OAuth Consumer component allows these to be managed.

The User Experience

When the user would normally be prompted in the system for a username and password (for example in the Event Tree / Tweet action dialog) there is instead an OAuth Token picker.

The OAuth Token picker allows the currently-logged-on user to see and use any existing tokens they have, or to Add a new token.

When they add a new token they are asked to choose a Consumer (ie to select Twitter from the list) and to name their own Token (The name is simply for the user's benefit, to help distinguish between multiple Twitter accounts).

Then they are shown a page provided by Twitter, in which they are asked to confirm they want to provide the site with permission. If they aren't already logged into Twitter they will be asked to login – providing their username and password to Twitter – but not to the site.

Once confirmed, they are returned to the site, where the new token is listen in the dialog and can be selected.

The dialog only shows tokens created by the currently logged-in user. This keeps each user's tokens secure for their own use, which is important in multi-user systems.

The only exception is that a dialog is being edited that already has another user's token selected, that token can still be used. This typically applies where you have two site administrators editing the same configuration dialogs.

The OAuth Token datatype

The OAuth Token dataype allows users to specify tokens in Data Entry Forms, which can then be used elsewhere.


 

           
 

DATA

Managing Data

Tables

Referential Integrity 

Data Entry Forms

Queries and Views

Custom Views

 

USERS & SECURITY

Users & Permissions

User Group Manager 

User Registration

Access Codes & Agreements

Personalizing Experience

Managing Profiles

 

SaaS

SaaS Server

SaaS Site Manager

SaaS Client Accounting

SaaS Templates & Clones

SaaS Self Service

Associates System 

 

CMS

User Editable pages

CSS Editor

Editing Pages

Direct URLs

Using Javascript & JQuery

Content Approval & Workflow

 

WEB

Key Concepts

Components

Understanding Embeds

Site Building

Themes System

SEO Optimization

 
           
 
clearString   neatComponents™    © Enstar LLC  1999-2019 All Rights Reserved      Terms of Use      Privacy & Cookies      Contact us...
 
 
 
 

 

Docs HomePrint:   Print this page