| content
| - %META:TOPICPARENT{name="OpenLinkVirtuoso"}%
---++ What is OAuth?
The OAuth protocol enables websites or applications (<i>Consumers</i>) to
access Protected Resources from Web services (<i>Service Providers</i>) via
an API, without requiring Users to disclose their Service Provider credentials
to those Consumers. More generally, OAuth creates a freely-implementable and
generic methodology for API-oriented authentication.
For <i>Consumer</i> developers, OAuth is a method to publish and interact with
protected data.
For <i>Service Provider</i> developers, OAuth gives users access to their data
while protecting their account credentials.
One use case would be allowing a printing service, printer.example.com (the
Consumer), to access private photos stored on photos.example.net (the Service
Provider), without requiring Users to reveal their photos.example.net
credentials to printer.example.com.
---+++ Why is it important?
OAuth allows the user to selectively grant access to their private resources
housed on one site (called the <i>Service Provider</i>), to another site (called
the <i>Consumer</i>). In other words, OAuth enables you to grant access to some
of your information without sharing all of your identity.
OAuth does not require a specific user interface or interaction pattern, nor
does it specify how Service Providers authenticate Users, making the protocol
ideally suited for cases where authentication credentials are unavailable to
the Consumer, such as with OpenID.
OAuth aims to unify the experience and implementation of delegated web service
authentication with a single, community-driven protocol. OAuth builds on
existing protocols and best practices that have been independently implemented
by various websites. An open standard, supported by large and small providers
alike, promotes a consistent and trusted experience for both application
developers and the users of those applications.
---+++ How does it work?
What is publicly known as <i>"OAuth"</i> is really the <i>"OAuth Core 1.0"</i>
specification. The <i>"Core"</i> designation is used to stress that this is the
skeleton upon which other extensions and protocols may be built. OAuth Core 1.0
does NOT by itself provide many desired features such as automated discovery of
endpoints, language support, support for XML-RPC and SOAP, standard definition
of resource access, OpenID integration, a full range of signing algorithms, or
any number of other great ideas posted to the OAuth group.
This was intentional and is viewed by the authors as a benefit. As the name
implies, Core deals only with the most fundamental aspects of the protocol:
* Establish a mechanism for exchanging a username and password for a token
with defined rights
* Provide tools to protect these tokens
More details can be found [[http://oauth.net/documentation/getting-started][here]].
---++ What are OAuth Access Tokens?
Credentials bearing tokens enable a user to provide their credentials in tokenized form in cases
where HTTP redirection to a browser plus human interaction is unavailable or unsuitable. For example,
intermediary intelligent agents, mobile phones, or set-top devices.
---+++ How does it work?
---++++ Request Authentication
To request an Access Token in this model, the Consumer makes an HTTP
request to the Service Provider's Access Token URL. The authentication
request contains [nine] parameters contained in the HTTP Authorization
header or as URL parameters. Parameter names and values must be
"percent-encoded" to handle characters in different character sets. The
request should be performed using TLS, and should use HTTP POST.
---++++ Receive Authentication
Before granting an access token, the Service Provider must ensure that the
request signature has been successfully verified as per OAuth,
that a request with the supplied timestamp and nonce has never been
received before, and that the supplied username and password match a
User's credentials. If successful, the Service Provider generates an
Access Token and Token Secret using a 200 Ok response and returns them
in the HTTP response body.
---++++ Access Protected Resources
After successfully receiving the Access Token and Token Secret, the
Consumer is able to access the Protected Resources on behalf of the User
as per section 7 of the OAuth core specification. In other words, the Access
Token obtained here is no different in capability to the Access Token
specified by OAuth. Once authenticated using the above process, the
Consumer will sign all subsequent requests for the User's Protected
Resources using the returned Token Secret.
---++ Additional Information
---+++ General OAuth Information
* [[http://www.hueniverse.com/hueniverse/2007/09/explaining-oaut.html][Explaining OAuth]]
* [[http://www.hueniverse.com/hueniverse/2007/10/beginners-gui-1.html][Visual OAuth Usage Example]]
* [[http://www.hueniverse.com/hueniverse/2008/10/beginners-guide.html][OAuth Beginners Guide - Part 3]]
* [[http://oauth.net/core/1.0][OAuth specification]]
* [[http://oauth.net/documentation/getting-started][Getting Started with OAuth]]
* [[http://xml.coverpages.org/draft-dehora-farrell-oauth-accesstoken-creds-00.txt][OAuth Access Tokens Using Credentials specification]]
* [[http://xml.coverpages.org/draft-hammer-oauth-00.txt][OAuth: HTTP Authorization Delegation Protocol specification]]
* [[http://groups.google.com/group/oauth][Google OAuth Group]]
* [[http://step2.googlecode.com/svn/spec/openid_oauth_extension/drafts/0/openid_oauth_extension.html][OAuth & OpenID Combined]] - Protocol Extension
---+++ Virtuoso- and OpenLink-specific OAuth Information
* [[VirtuosoOAuthServer][Virtuoso OAuth server]]
* [[VirtAuthServerUI][Virtuoso Authentication Server UI]].
* [[http://ods.openlinksw.com/dataspace/dav/wiki/ODS/VirtOAuthControllers][Using OAuth with ODS]]
* [[http://ods.openlinksw.com/dataspace/dav/wiki/ODS/VirtuosoOdsUbiquity][ODS Ubiquity Commands]]
* [[VirtOAuth][Virtuoso OAuth Implementation]]
* [[http://ods.openlinksw.com/dataspace/dav/wiki/ODS/VirtuosoOdsControllers][ODS Controllers]]
* [[http://ods.openlinksw.com/dataspace/dav/wiki/ODS/VirtODSOAuthQA][Testing Virtuoso OAuth with 3rd Party OAuth Clients]]
* [[http://ods.openlinksw.com/dataspace/dav/wiki/ODS/VirtuosoOdsUbiquityTutorialsOAuth][OAuth Ubiquity Tutorial]]
* [[http://ods.openlinksw.com/dataspace/dav/wiki/ODS/VirtOAuthTestTool][Virtuoso OAuth Test Tool for ODS Controllers]]
* [[VirtOAuthSPARQL][Virtuoso SPARQL OAuth Tutorial]]
* [[http://ods.openlinksw.com/dataspace/dav/wiki/ODS/VirtuosoOdsUbiquityTutorials][ODS Ubiquity Tutorials]]
* [[http://ods.openlinksw.com/dataspace/dav/wiki/ODS/VirtOAuthExamples][OAuth Applications Authentication examples]]
* [[http://oauth.net/core/1.0/][OAuth API]]
|
![[RDF Data]](/fct/images/sw-rdf-blue.png)
![[cxml]](/fct/images/cxml_doc.png)
![[csv]](/fct/images/csv_doc.png)
![[text]](/fct/images/ntriples_doc.png)
![[turtle]](/fct/images/n3turtle_doc.png)
![[ld+json]](/fct/images/jsonld_doc.png)
![[rdf+json]](/fct/images/json_doc.png)
![[rdf+xml]](/fct/images/xml_doc.png)
![[atom+xml]](/fct/images/atom_doc.png)
![[html]](/fct/images/html_doc.png)