24 строки
806 B
ReStructuredText
24 строки
806 B
ReStructuredText
=====
|
|
OAuth
|
|
=====
|
|
|
|
The new API (``/api/2/*``) is powered by Piston and authentication is provided
|
|
for via OAuth. OAuth is a means for users to grant permissions to a third
|
|
party application to act on their behalf without supplying a username and
|
|
password.
|
|
|
|
The OAuth Dance
|
|
---------------
|
|
|
|
The OAuth "dance" involves a number of steps:
|
|
|
|
1. **Requesting an OAuth Request Token.** The third party app (e.g. Flight
|
|
Deck) requests a *Request Token* from the website (e.g. AMO).
|
|
2. The app sends the user with the *Request Token* to an authorization page.
|
|
3. The app requests an *Access Token* with the user-authorized *Request Token*.
|
|
|
|
Each of these reuqests must contain various OAuth headers, request parameters
|
|
and be signed in a specific manner.
|
|
|
|
This is detailed in our api tests in ``_oauth_flow``.
|