初识oauth: 为API访问授权提供一个开放的标准

原址：http://iceskysl.1sters.com/?action=show&id=419

最近在准备一些API设计开发工作，初步了解了下oauth，OAuth是由Blaine Cook、Chris Messina、Larry Halff 及David Recordon共同发起的，目的在于为API访问授权提供一个开放的标准。
oauth目前看来进展比较顺利，可以看到其有主流语言的lib（Java、C#、Objective-C、Perl、PHP及Ruby语言），目前支持oauth的API有twitter，douban等应用。

OAuth is the great new standard allowing your users to use your application to talk to their accounts on other applications. I won’t go more into it here as it’s pretty well covered on the OAuth site.

OAuth’s Goal
Website X can access your protected data at API Y

All without sharing your password off-site
especially when there isn’t one like with OpenID
其基本流程为：

Register your consumer application with the OAuth compliant service to receive your Consumer Credentials (This is only done once)
You initiate the OAuth Token exchange process for a user by requesting a RequestToken from the Service
You store the RequestToken in your database or in the users session object
You redirect your user to the service providers authorize_url with the RequestToken’s key appended
Your user is asked by the service provider to authorize your RequestToken
Your user clicks yes and is redirected to your CallBack URL
Your callback action exchanges the RequestToken for an AccessToken
Now you can access your users data by performing http requests signed by your consumer credentials and the AccessToken.
????
PROFIT!!!
如果你想了解，请参考如下文档，如果你有经验，请分享，谢谢！

参考文档：

Developing OAuth clients in Rubyhttp://stakeventures.com/articles/2008/02/23/developing-oauth-clients-in-ruby
How to turn your rails site into an OAuth Provider http://stakeventures.com/articles/2007/11/26/how-to-turn-your-rails-site-into-an-oauth-provider
OAuth不断获得动力
Rails plugin for OAuth
OAuth implementation for Ruby
豆瓣 API 认证授权说明
The How of OAuth --这个PPT挺不错