OAuth 1.0 (client)

Simplified context


Basically we want to receive data (Protected Resources) with our channel (Client) from an HTTP(S) server (Server).

Therefore we need an Access Token, which we get from the server in advance. The access token is stored internally in the HTTP channel.

The following mask is only about how we get this Access Token. See (5), (6), (7).

Note: See also https://tools.ietf.org/html/rfc5849#section-1.1.

Settings


(1) Two legged , Three legged: With "two legged" the authorisation step is omitted. The items (4) and (6) are then greyed out.

(2) Realm: Is taken automatically from the HTTP channel .

(3) Consumer Key , Client Secret: The "Client Key" is a public identifier for applications (here our channel). The "Client Secret" is the password for it . Note: Both are generated and provided by the server in advance . Note: See also https://tools.ietf.org/html/rfc5849#section-3.4 for the signing method to be used.

(4) Redirect URL: Will be entered automatically . Note: Is greyed out if "Two legged" is set in (1).

(5) URL for request (request token): Request Token URL. The URL used to obtain an unauthorised Request Token.

(6) URL for authorization: User Authorization URL . The URL used to obtain user authorisation . Note: Is greyed out if "Two legged" is set in (1). Note : See also https://tools.ietf.org/html/rfc5849#section-2.2.

(7) URL for token acknowledgement (perm. token): Access Token URL. The URL used to exchange the user-authorised Request Token for an Access Token. Note : See also https://tools.ietf.org/html/rfc5849#section-2.3

(8) Trace/Debug: If this checkbox is set, you will find additional trace messages in (11).

(9) Fetch Access Token: Click here to fetch the Access Token. Note: You will find an entry with the name "SYS_HTTP_OAUTH1" in the additional IDs for the access token,

(10) Manual settings: See the following section "Manual settings".

(11) Logs General messages: Jumps to page "General Messages" of the Control Center.

Manual settings


If the automated process (9) via (5), (6), (7) does not work for some reason, you can also obtain the Access Token by manually executing the corresponding requests step by step.

The Access Token (and the corresponding Access Token Secret), as well as other values that are otherwise stored internally during a successful automated process (9) and are required for an OAuth1.0 request, have to be manually specified in the following mask.

Settings


(12) Consumer Key: Is taken automatically from (3).

(13) Client Secret: See (3).

(14) Token: The Access Token you got back after all manually executed requests.

(15) Token secret: The Access Token Secret for (14).

(16) Apply: After clicking the button, y ou will find an entry with the name "SYS_HTTP_OAUTH1" in the additional IDs for the access token.