Simplified Context

Basically we want to receive data (Protected Resources) with our channel (Client) from an HTTP(S) server (Server).

Therefore we need an Access Token, which we get from the server in advance. The access token is stored internally in the HTTP(S) channel.

The following mask is only about how we get this Access Token. See (5), (6), (7).

Note: See also https://tools.ietf.org/html/rfc5849#section-1.1.

Settings

(1) With two legged the authorization step is omitted. The items (4) and (6) are then greyed out.

(2) Is taken automatically from the HTTP(S) channel .

(3) The Client Key is a public identifier for applications (here our channel). The Client Secret is the password for it . Note: Both are generated and provided by the server in advance . Note: See also https://tools.ietf.org/html/rfc5849#section-3.4 for the signing method to be used.

(4) Will be entered automatically . Note: Is greyed out if Two legged is set in (1).

(5) Request Token URL. The URL used to obtain an unauthorized Request Token.

(6) User Authorization URL . The URL used to obtain user authorization . Note: Is greyed out if Two legged is set in (1). Note : See also https://tools.ietf.org/html/rfc5849#section-2.2.

(7) Access Token URL. The URL used to exchange the user-authorized Request Token for an Access Token. Note : See also https://tools.ietf.org/html/rfc5849#section-2.3

(8) If this checkbox is set, you will find additional trace messages in (11).

(9) Click here to fetch the Access Token. Note: You will find an entry with the name SYS_HTTP_OAUTH1 in the additional IDs for the access token,

(10) See the following subsection.

(11) Jumps to area General Messages of the Control Center.