About OAuth
Last updated on October 11, 2019
The following section briefly describes the concepts and workflow of the OAuth authentication process.
For more details about OAuth, refer to RFC 5849.
OAuth Roles
The OAuth process involves the following three entities:
The diagram above shows the following:
- The arrow between the User and Consumer shows that a request and response is made between the two.
- The arrow between the Consumer and the Service Provider shows that a request and response takes place between the two.
- The arrow at the bottom shows that, after the OAuth process, the User is able to access resources from the Service Provider.
| OAuth Role | Description | OpenX Implementation |
|---|---|---|
| Service Provider | A web application that allows access via OAuth. | OpenX |
| Consumer | A website or application that uses OAuth to access the Service Provider on behalf of the User. | Your client application |
| User | An individual who has an account with the Service Provider. | Users of your client application |
URLs
OAuth defines three request URLs:
| URL Type | Description | OpenX Implementation |
|---|---|---|
| Request Token URL | Used to obtain an unauthorized Request Token | https://sso.openx.com/api/index/initiate |
| User Authorization URL | Used to obtain User authorization for Consumer access | Browser-based: https://sso.openx.com/login/loginProgrammatic: https://sso.openx.com/login/process |
| Access Token URL | Used to exchange the User-authorized Request Token for an Access Token | https://sso.openx.com/api/index/token |
Parameters
For a complete list of parameters, see the OAuth specification. There are a few parameters worth mentioning:
| Parameter | Description |
|---|---|
| Oauth_nonce | This parameter contains a nonce or “only once string”; it is a unique string that changes on each OAuth request. There is no specification on how the nonce should be constructed, but it is important to make sure it changes on each call; it is how the server knows there are no duplicate requests. Note: This parameter cannot contain a / even if it is encoded because the OpenX SSO cannot handle a /. If so, an Invalid Request: Missing nonce error occurs for the https://sso.openx.com/api/index/initiate step. |
| oauth_token | This value changes based on the stage of the OAuth handshake. Before authorization and when getting a request token, this parameter is excluded entirely. When retrieving an access token, this parameter is set to the request token. Once an access token has been obtained, this parameter, for all future requests, is set to the access token. |
| UNIX timestamp | The oauth_timestamp field requires a UNIX timestamp. Some programming libraries may provide a function for this. |
Process Overview
The following graphic illustrates the flow of information in the OAuth process. It basically takes place in three steps:
- The Consumer obtains an unauthorized Request Token (Steps 1.1 and 1.2)
- The User authorized the Request Token (Steps 2.1, 2.2, and 2.3)
- The Consumer exchanges the Request Token for an Access Token (Steps 3.1 and 3.2)
The numbered steps in the graphic correspond to the numbered steps in this section.
Solid arrow: Person using web browser/Manual entry
Dotted arrow: Consumer/Service Provider