3-legged OAuth flow

I’m going to explain about behavior of 3-legged OAuth in simple way.

Just look at this.

3-legged OAuth

Lets think one of web applications call MyApp need to access my Facebook photos.
In this example: Resource Owner – me, Consumer – MyApp, Service Provider – Facebook.

Now try to compare this example with above explained scenarios.

1. – MyApp request temporary token form Facebook.
2. – Facebook give the temporary token to MyApp.
3. – MyApp will redirect to the Facebook login page to Autorize the Token.
4. – Me login to the Facebook and Grant access to MyApp
5. – Conform about Authorization to Me
6. – MyApp Request Access Token from Facebook.
7. – Facebook issue Access Token
8. – Request to Access the photos in my Facebook account.
9. – Issue the protected photos.

This is another simple example find out from Google


One thought on “3-legged OAuth flow

Add yours

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: