Chat without signing

31 Jan

More generally, OAuth creates a freely-implementable and generic methodology for API authentication. To make sure that the User granting access is the same User returning back to the Consumer to complete the process, the Service Provider MUST generate a verification code: an unguessable value passed to the Consumer via the User and REQUIRED to complete the process. An example use case is allowing printing service printer.(the Consumer), to access private photos stored on photos.(the Service Provider) without requiring Users to provide their photos.credentials to printer. If the Consumer provided a callback URL (using the The callback URL MAY include Consumer provided query parameters. OAuth does not require a specific user interface or interaction pattern, nor does it specify how Service Providers authenticate Users, making the protocol ideally suited for cases where authentication credentials are unavailable to the Consumer, such as with OpenID. The Service Provider MUST retain them unmodified and append the OAuth parameters to the existing query. The methods for sending other request parameters are left undefined, but SHOULD NOT use the OAuth HTTP Authorization Scheme. Response parameters are sent by the Service Provider to return Tokens and other information to the Consumer in the HTTP response body. Text names and values MUST be encoded as UTF-8 octets before percent-encoding them per [RFC3629]. In addition to these defined methods, future extensions may describe alternate methods for sending the OAuth Protocol Parameters.

The Consumer constructs an HTTP GET request to the Service Provider's User Authorization URL with the following parameter: OPTIONAL. The Service Provider MAY declare this parameter as REQUIRED, or accept requests to the User Authorization URL without it, in which case it will prompt the User to enter it manually. If successful, it generates a Request Token and Token Secret and returns them to the Consumer in the HTTP response body as defined in Service Provider Response Parameters. In order for the Consumer to be able to exchange the Request Token for an Access Token, the Consumer MUST obtain approval from the User by directing the User to the Service Provider. Service Providers SHOULD allow Users to revoke Access Tokens. Access Tokens MAY limit access to certain Protected Resources, and MAY have a limited lifetime. The Consumer obtains an unauthorized Request Token by asking the Service Provider to issue a Token. Only the Access Token SHALL be used to access the Protected Resources. An open standard, supported by large and small providers alike, promotes a consistent and trusted experience for both application developers and the users of those applications. The Request Token and Token Secret MUST be exchanged for an Access Token and Token Secret.