
OAuth Request and Access Tokens

I want to implement OAuth 1 in my website and I was just wondering if I have to change the request token once it has been exchanged for an access token?

Thanks in advance

Request tokens are meant to be temporary and unique. After giving one out, you should forget all about it once either a) a few minutes have passed or b) it was used to request an access token. Allowing reuse of request tokens would open you up to HTTP replay attacks.

Section 6 of the OAuth 1.0 spec spells this out:

Request Token: Used by the Consumer to ask the User to authorize access to the Protected Resources. The User-authorized Request Token is exchanged for an Access Token, MUST only be used once, and MUST NOT be used for any other purpose. It is RECOMMENDED that Request Tokens have a limited lifetime.
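
A sketch of the single-use, short-lived request token handling described above, as an added example that is not part of the original answer. The class and method names, the 300-second lifetime and the in-memory dict are assumptions, and OAuth signature verification is assumed to have happened before these methods are called.

```python
import hmac
import secrets
import time


class RequestTokenStore:
    """In-memory store for OAuth 1.0 request tokens (hypothetical helper)."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds      # assumed lifetime: "a few minutes"
        self._clock = clock          # injectable so expiry can be tested
        self._pending = {}           # request token -> state

    def issue(self, consumer_key):
        """Create a fresh, unpredictable request token for one consumer."""
        token = secrets.token_urlsafe(16)
        self._pending[token] = {
            "secret": secrets.token_urlsafe(32),
            "consumer": consumer_key,
            "expires": self._clock() + self._ttl,
            "user": None,            # set once the user authorizes
        }
        return token, self._pending[token]["secret"]

    def authorize(self, token, user_id):
        """Record the user's approval; fails for unknown or expired tokens."""
        entry = self._pending.get(token)
        if entry is None or self._clock() >= entry["expires"]:
            self._pending.pop(token, None)
            return False
        entry["user"] = user_id
        return True

    def exchange(self, token, consumer_key):
        """Swap an authorized request token for access credentials, once."""
        # pop() forgets the token on every attempt, so a replayed
        # exchange request finds nothing, whatever the first outcome was.
        entry = self._pending.pop(token, None)
        if entry is None or self._clock() >= entry["expires"]:
            return None
        if entry["user"] is None:
            return None              # user never authorized it
        if not hmac.compare_digest(entry["consumer"].encode(),
                                   consumer_key.encode()):
            return None              # token was issued to another consumer
        return {
            "oauth_token": secrets.token_urlsafe(16),
            "oauth_token_secret": secrets.token_urlsafe(32),
            "user": entry["user"],
        }
```

In a multi-process deployment the lookup-and-delete in exchange() has to be a single atomic operation in the shared store, otherwise two concurrent replays can both succeed.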
