OAuth is a technology that allows a user to connect a client to a service, but without that user needing to enter their password.
The usual way this works is that a user clicks on a button, and are taken to a page asking whether they wish to allow the connection. Under the bonnet a handshake is going on between the client and server, resulting in an exchange of tokens.
If you’ve ever used the “Facebook connect” or “Sign in with twitter” buttons, you are likely familiar with this.
Known has a comprehensive API, and while it is possible to authenticate yourself to it using signed HTTP headers, I thought it’d be handy to be able to authenticate with OAuth as well (it was an excuse for me to write the code powering the server side of an OAuth exchange, a good way to understand it!).
The plugin I wrote lets a user manage “applications” – collections of keys – which can be used by an OAuth2 client to power an exchange.
Here is an example of client authentication in it’s most basic…
To get a code:
https://mysite.com/oauth2/authorise/?response_type=code&client_id=<your API Key>&redirect_uri=<path to your endpoint>
You will be directed to a log in page, followed by a confirmation page as necessary, after which you will get a response code back. This response will either be a JSON encoded blob, or if you specified a redirect_uri, the values will be forwarded as get variables.
Exchanging the code for a token
https://mysite.com/oauth2/access_token/?grant_type=authorization_code&client_id=<your API Key>&redirect_uri=<path to your endpoint>
You should get back a json encoded blob with an access token, expiry and refresh token.
Once you’ve performed an OAuth exchange, you will be provided with an access token. You can pass this token along with any web service API call to authenticate your request.