[OAuth] Introduction to OAuth and how to use it

Description
        Learn about OAuth ver.1.1

From the wiki:
OAuth is an open standard for authorization. OAuth provides client applications a 'secure delegated access' to server resources on behalf of a resource owner. It specifies a process for resource owners to authorize third-party access to their server resources without sharing their credentials. Designed specifically to work with Hypertext Transfer Protocol (HTTP), OAuth essentially allows access tokens to be issued to third-party clients by an authorization server, with the approval of the resource owner, or end-user. The client then uses the access token to access the protected resources hosted by the resource server. OAuth is commonly used as a way for web surfers to log into third party web sites using their Google, Facebook or Twitter accounts, without worrying about their access credentials being compromised.

As developers, we need 4 keys that are provided by the vendor, for example Twitter:

Here are the keys (if you don't know how to create them, just google it -_-a):
- consumer key
- consumer secret
- access token  *read-only by default; you must change it to 'write' if you want to tweet
- access token secret  *read-only by default; you must change it to 'write' if you want to tweet
Note: these 4 keys must be kept secret from the user; only the developer should know them.

Step 1
You must know the resource URLs of the vendor (Twitter in this example). From the Twitter API we get sample resource URLs like these:
- For data retrieval
GET statuses/mentions_timeline
GET statuses/user_timeline 
GET statuses/home_timeline
GET statuses/retweets_of_me

- For posting tweets
POST statuses/update

Step 2
Create oauth_BaseString.
oauth_BaseString consists of 3 parts: method, resource_url and base string.

Here's the explanation:
method : GET / POST
resource_url : https://api.twitter.com/1.1/statuses/user_timeline.json
base string :
   - base string parts :
         - oauth_consumer_key // dynamic
         - oauth_nonce // dynamic
         - oauth_signature_method = HMAC-SHA1
         - oauth_timestamp // dynamic
         - oauth_token  // dynamic
         - oauth_version= // dynamic

   - Here's an example base string :
"oauth_consumer_key=xxx&oauth_nonce=9c3f7ae6df9649a77c34ac588e4b6372&oauth_signature_method=HMAC-SHA1&oauth_timestamp=1380789372&oauth_token=yyy&oauth_version=1.0"

You must be wondering where oauth_nonce and oauth_timestamp come from, right?

oauth_nonce is a random 64-bit unsigned number encoded as an ASCII string in decimal format. You can create it by generating a datetime and converting it into base64; the total string must be 32 digits, and if it is shorter you pad it manually.

oauth_timestamp is an integer representing the time the request is sent. The timestamp should be expressed as the number of seconds after January 1, 1970.

After the base string is created, oauth_BaseString needs the base string converted into escaped-character format, because it is sent via the URL (headers).


Step 3
Create oauth_signKey.
oauth_signKey consists of 2 parts: oauth_consumer_secret and oauth_token_secret.

Here's the explanation:
- oauth_consumer_secret : this key is usually obtained from the vendor, don't worry :)
- oauth_token_secret : this key is usually obtained from the vendor, don't worry :)

You must combine the 2 keys with '&' between them, escaping the string characters of each key.
Here's an example key:
oauth_signKey = "4hpFcExUrg1V6vCSYMAhg&t2SwVdDenSSaTjRiPo0PGy5ytSZjAe5lXsHTmUiFI6U"

Here's a rough code example in VB.NET:
Uri.EscapeDataString(oauth_consumer_secret) & "&" & Uri.EscapeDataString(oauth_token_secret)


Step 4
Create oauth_signature.
If you don't have oauth_BaseString, go back to step 2.
To create the signature, hash oauth_BaseString with HMAC-SHA1 (keyed with oauth_signKey), convert the result into a Base64 string, and finally escape its string characters.

Here's a rough code example in VB.NET:
    ' At the top of the file:
    Imports System.Security.Cryptography
    Imports System.Text

    Private Function Create_Signature(ByVal oauth_signKey As String, ByVal oauth_baseString As String) As String
        Try
            ' Key the HMAC-SHA1 with the signing key from step 3.
            Using encryption As New HMACSHA1(Encoding.ASCII.GetBytes(oauth_signKey))
                ' Hash the base string, Base64-encode the digest, then escape it for the header.
                Return Uri.EscapeDataString(Convert.ToBase64String(encryption.ComputeHash(Encoding.ASCII.GetBytes(oauth_baseString))))
            End Using
        Catch ex As Exception
            ' Fail loudly instead of returning an error message that would be sent as the signature.
            Throw New InvalidOperationException("error occurred when creating signature", ex)
        End Try
    End Function


Those are all the steps we need to get authorized with OAuth.
OAuth authorization (Twitter in this example) needs several keys. Here's the format:

Authorization: OAuth oauth_consumer_key="xxx", oauth_nonce="yyy", oauth_signature="zzz", oauth_signature_method="abc", oauth_timestamp="12456623", oauth_token="abc", oauth_version="1.0"
*Note: the length of each value is dynamic, not the same as above.
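
Steps 2 to 4 and the Authorization header, put together as an added Python example (not the author's twitterLib class, which is VB.NET). It assumes the usual OAuth 1.0 base-string layout, METHOD&escaped URL&escaped parameters with the parameters sorted, signs any query parameters as well, and swaps the datetime-based nonce for 32 hex characters from a CSPRNG; all function names and the secrets are constructed for illustration.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

def enc(value):
    """Percent-encode like Uri.EscapeDataString: only unreserved characters survive."""
    return quote(str(value), safe="")

def make_nonce():
    # Swapped-in technique: 32 hex characters from the OS CSPRNG instead of a
    # datetime-derived string, so the nonce is neither predictable nor repeated.
    return secrets.token_hex(16)

def base_string(method, url, params):
    # Step 2: escaped key=value pairs, sorted, joined by '&', then
    # METHOD & escaped URL & escaped parameter string.
    pairs = sorted((enc(k), enc(v)) for k, v in params.items())
    joined = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), enc(url), enc(joined)])

def sign_key(consumer_secret, token_secret):
    # Step 3: each secret escaped, joined by '&'.
    return f"{enc(consumer_secret)}&{enc(token_secret)}"

def signature(key, base):
    # Step 4: HMAC-SHA1 is a keyed hash (not encryption); Base64 the digest.
    digest = hmac.new(key.encode("ascii"), base.encode("ascii"), hashlib.sha1).digest()
    return base64.b64encode(digest).decode("ascii")

def authorization_header(method, url, consumer_key, token, key,
                         query=None, nonce=None, timestamp=None):
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or make_nonce(),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_token": token,
        "oauth_version": "1.0",
    }
    # Query/body parameters are covered by the signature but stay out of the header.
    base = base_string(method, url, {**oauth, **(query or {})})
    oauth["oauth_signature"] = signature(key, base)
    return "OAuth " + ", ".join(f'{k}="{enc(v)}"' for k, v in sorted(oauth.items()))

if __name__ == "__main__":
    # Constructed secrets; real ones come from the vendor and stay server-side.
    key = sign_key("constructed-consumer-secret", "constructed/token+secret")
    url = "https://api.twitter.com/1.1/statuses/user_timeline.json"
    print(authorization_header("GET", url, "xxx", "yyy", key))
```
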

So for authorization, you need:
Keyword : Authorization: OAuth
1. oauth_consumer_key
2. oauth_nonce
3. oauth_signature
4. oauth_signature_method
5. oauth_timestamp
6. oauth_token
7. oauth_version
Place these into the web header. I will give the full source of my twitterLib class in VB.NET as an example; I hope you can learn it fast and translate it into any programming language :).

Here's the full source of the OAuth twitterLib class in VB.NET:
