sudo

Reputation: 1525

How to authenticate a RESTful web service using OAuth

I want to do authentication in a RESTful web service for every request. I have read about the scope of OAuth on the website. What should I store in the database, or which token key or access key needs to be checked against the database? I have a REST web service and an Android app that calls the web service. So, the web service serves as the Service Provider, UserLogin is the User, and the Android application is the Consumer, as described on the OAuth site. So, if the user makes a request from Android like:

GET /username/a.jpg HTTP/1.1
Host: localhost:8080
Authorization: OAuth realm="http://localhost/username/a.jpg",
    oauth_consumer_key="dpf43f3p2l4k3l03",
    oauth_token="nnch734d00sl2jdk",
    oauth_nonce="kllo9940pd9333jh",
    oauth_timestamp="1191242096",
    oauth_signature_method="HMAC-SHA1",
    oauth_version="1.0",
    oauth_signature="tR3%2BTy81lMeYAr%2FFid0kMTYa%2FWM%3D" 

But on the server side, which is the web service, how do I check against the database, or which key will be used to check? Is it the signature?

Upvotes: 6

Views: 13155

Answers (1)

Lynn Crumbling

Reputation: 13367

Read up on http://oauth.net/core/1.0/, specifically Appendix A.2 through A.4. It describes the "handshake" that takes place when a service fails to get access, then redirects the user to the authentication website, then is returned back to the callback URL.

As you asked, in A.4, yes, the service then examines the signature and replies with an access token.

Upvotes: 4
