OAuth 1.0 consumer implementation. See http://www.oauth.net and RFC 5849
There are typically three parties involved in an OAuth exchange:
(1) The "Service Provider" (e.g. Google, Twitter, NetFlix) who operates the service where the data resides. (2) The "End User" who owns that data, and wants to grant access to a third-party. (3) That third-party who wants access to the data (after first being authorized by the user). This third-party is referred to as the "Consumer" in OAuth terminology.
This library is designed to help implement the third-party consumer by handling the low-level authentication tasks, and allowing for authenticated requests to the service provider on behalf of the user.
- Currently only supports HMAC and RSA signatures. - Currently only supports SHA1 and SHA256 hashes. - Currently only supports OAuth 1.0
Overview of how to use this library:
(1) First create a new Consumer instance with the NewConsumer function (2) Get a RequestToken, and "authorization url" from GetRequestTokenAndUrl() (3) Save the RequestToken, you will need it again in step 6. (4) Redirect the user to the "authorization url" from step 2, where they will authorize your access to the service provider. (5) Wait. You will be called back on the CallbackUrl that you provide, and you will recieve a "verification code". (6) Call AuthorizeToken() with the RequestToken from step 2 and the "verification code" from step 5. (7) You will get back an AccessToken. Save this for as long as you need access to the user's data, and treat it like a password; it is a secret. (8) You can now throw away the RequestToken from step 2, it is no longer necessary. (9) Call "MakeHttpClient" using the AccessToken from step 7 to get an HTTP client which can access protected resources.