Reputation: 8977
I see that when connecting services to Twitter/Facebook, sometimes apps are storing the user access token on the server. What is the most common purpose of doing this? I've read several Twitter/FB documents and just don't seem to get it. Twitter also has xAuth, which can basically provide you with the user 'access_token', so what is the purpose of doing this?
Upvotes: 0
Views: 716
Reputation: 1115
Instead of the service storing your Facebook/Twitter username/password on the server (which the service shouldn't know), it stores the access_token. The access_token can be used to make requests to the API. This is the purpose of OAuth. It will enable you to write services which use an external API like Facebook without the user ever telling you their username/password.
Upvotes: 1
Reputation: 14299
You don't want 3rd parties pretending to be users. You want signed transactions so that authenticity is validated.
What if some application just started posting shit on your wall? This has a pretty obvious purpose.
Your app has to provide the token when making API requests that have been approved by the user. That's what OAuth is made for.
Upvotes: 2
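The point made in the answers above, as an added example that is not part of the original thread: a server that stored only the access token and token secret can sign an API request on the user's behalf, and the API can reject a request whose parameters were altered or that was signed with the wrong secret. It assumes OAuth 1.0a HMAC-SHA1 signing (RFC 5849); the endpoint URL, keys, tokens and the `build_request` helper are constructed placeholders.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

# Constructed sample values: what the server keeps instead of a password.
APP = {"oauth_consumer_key": "app-key", "consumer_secret": "app-secret"}
STORED = {"oauth_token": "user-token-123", "token_secret": "tok-secret"}
URL = "https://api.example.com/1/statuses/update.json"  # hypothetical endpoint

def enc(value):
    # RFC 3986 percent-encoding, as OAuth 1.0a requires (RFC 5849 section 3.6).
    return quote(str(value), safe="~")

def base_string(method, url, params):
    # Method, URL and the sorted, encoded parameters are all covered by the signature.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(normalized)])

def sign(method, url, params, consumer_secret, token_secret):
    # The HMAC key combines the app's secret with the per-user token secret.
    key = f"{enc(consumer_secret)}&{enc(token_secret)}".encode()
    msg = base_string(method, url, params).encode()
    return base64.b64encode(hmac.new(key, msg, hashlib.sha1).digest()).decode()

def verify(method, url, params, signature, consumer_secret, token_secret):
    # API side: recompute the signature and compare in constant time.
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

def build_request(status, nonce, timestamp):
    # Client side: no username or password appears anywhere in the request.
    params = {
        "status": status,
        "oauth_consumer_key": APP["oauth_consumer_key"],
        "oauth_token": STORED["oauth_token"],
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_nonce": nonce,
        "oauth_timestamp": str(timestamp),
        "oauth_version": "1.0",
    }
    return params, sign("POST", URL, params, APP["consumer_secret"], STORED["token_secret"])

if __name__ == "__main__":
    params, sig = build_request("Hello world!", "constructed-nonce", 1300000000)
    ok = verify("POST", URL, params, sig, APP["consumer_secret"], STORED["token_secret"])
    print("signature accepted:", ok)
```

Because the stored token and secret are enough to act for the user, they need the same protection on the server as any other credential.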