Reputation: 4677
The OAuth 1.0 Protocol doesn't specify the algorithm servers should use for generating tokens. What algorithm should I use? Is a random sequence OK?
Upvotes: 2
Views: 1205
Reputation: 2010
The secret part of each set of credentials (client, temporary, token) should be as random and as long as reasonably possible. You want to prevent anyone from discovering the secrets by intercepting a request and cracking the signature.
The section Entropy of Secrets in the OAuth 1.0a spec goes into more detail (but not much more).
I usually read from /dev/urandom (on Linux systems) to get a binary string of 12 or 15 random bytes and then base64 encode it. You might make the client secret longer since it changes rarely if ever.
Upvotes: 2
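As an added example (not code from the answer above): the "random bytes, then base64" recipe in Python, using the OS CSPRNG that `secrets` wraps (it reads `/dev/urandom` on Linux), plus the RFC 5849 signing key and an HMAC-SHA1 verification step, which shows why the secrets are what an attacker with an intercepted request would have to crack. The `make_credentials` sizing (32 bytes for the client secret, 15 for the others) and the constructed base string are this example's assumptions, not the answerer's or the spec's.

```python
import base64
import hashlib
import hmac
import secrets
from urllib.parse import quote


def make_secret(nbytes: int = 15) -> str:
    """Return base64 of nbytes from the OS CSPRNG (15 bytes -> 20 chars, no padding)."""
    if nbytes < 12:
        raise ValueError("use at least 12 bytes (96 bits) of entropy")
    return base64.b64encode(secrets.token_bytes(nbytes)).decode("ascii")


def make_credentials(kind: str) -> dict:
    """Issue an identifier/secret pair for 'client', 'temporary' or 'token' credentials.

    Assumed sizing: the client secret changes rarely, so it gets 32 bytes;
    temporary and token secrets get 15 bytes; identifiers are not secret, 12 bytes.
    """
    if kind not in ("client", "temporary", "token"):
        raise ValueError(f"unknown credential kind: {kind}")
    nbytes = 32 if kind == "client" else 15
    return {"identifier": make_secret(12), "secret": make_secret(nbytes)}


def signing_key(client_secret: str, token_secret: str = "") -> str:
    """RFC 5849 s3.4.2: percent-encoded client secret, '&', percent-encoded token secret."""
    return quote(client_secret, safe="") + "&" + quote(token_secret, safe="")


def hmac_sha1_signature(base_string: str, client_secret: str, token_secret: str = "") -> str:
    """Base64 HMAC-SHA1 over the signature base string, keyed by the two secrets."""
    key = signing_key(client_secret, token_secret).encode("ascii")
    digest = hmac.new(key, base_string.encode("ascii"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")


def verify_signature(base_string: str, client_secret: str, token_secret: str, presented: str) -> bool:
    """Server-side check; compare_digest avoids leaking the match length via timing."""
    expected = hmac_sha1_signature(base_string, client_secret, token_secret)
    return hmac.compare_digest(expected, presented)


if __name__ == "__main__":
    # Constructed demo: issue credentials, sign a made-up base string, verify it.
    client, token = make_credentials("client"), make_credentials("token")
    base = "GET&http%3A%2F%2Fexample.test%2Fresource&oauth_nonce%3Dabc"  # constructed
    sig = hmac_sha1_signature(base, client["secret"], token["secret"])
    print(client["secret"], token["secret"], sig,
          verify_signature(base, client["secret"], token["secret"], sig))
```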
Reputation: 38412
I haven't implemented a server myself, but random ought to work. Something similar to what you'd use for nonce() in a client.
Upvotes: 0