OAuth 1
This page is in development.
Introduction
OAuth 1.0 involves the use of cryptographic signatures for message integrity and verification. It requires the consumer (in this case, Patchworks) to sign API requests using a consumer secret, which is provided by the service provider. The service provider verifies these signatures to ensure the integrity of the requests.
Patchworks supports the following signature methods:
HMAC-SHA256
OAuth 1.0 has been largely superseded by OAuth 2.0.
How it works
Here's how OAuth 1 authentication works:
1 | Consumer registration | Resource owner/user | The Patchworks customer completes the consumer registration process with the third-party application service provider. During registration, the consumer obtains a unique consumer key and consumer secret. |
2 | User initiation | Resource owner/user | The user initiates the authorisation process by clicking on a login or authorisation button in the client application - in this case, when adding a Patchworks connector instance. |
3 | Token request | Consumer/client(Patchworks) | A request is sent to the service provider's token endpoint. This request includes a signature (generated by Patchworks), the consumer key, and a callback URL (where the user will be redirected after authentication). |
4 | User authentication | Service provider/ authorisation server | The service provider validates the request and authenticates the user. If the user is not already logged in, they are prompted to enter their credentials on the service provider's website. |
5 | Request token issued | Service provider/ authorisation server | After successful authentication, the service provider issues a request token, confirming approved access for Patchworks to access the user's resources. |
6 | User authorisation | Resource owner/user | The user is presented with a permission prompt by the service provider. The prompt explains what access the consumer is requesting and asks the user to grant or deny permission. |
7 | Redirect to consumer | Service provider/ authorisation server | When the user grants permission, the service provider redirects the user back to the Patchworks callback URL, together with the request token and additional parameters. |
8 | Access token request | Consumer/client(Patchworks) | Patchworks receives the request token and sends a request to the service provider's token endpoint, including the request token, consumer key, signature, and other necessary parameters. Note that the signature is the same signature that was used in step 3. |
9 | Access token issued | Service provider/ authorisation server | The service provider validates the request token and consumer credentials. If everything is OK, the service provider issues an access token and an access token secret to Patchworks. |
10 | Resource access | Consumer/client(Patchworks) | The consumer can include the access token in API requests to the service provider, to access the user's protected resources. |
OAuth 1 authentication examples
It can be useful to compare how existing connectors have been configured for OAuth 1 authentication.
Since OAuth 2 has largely taken over from OAuth 1, there aren't many examples in the Patchworks marketplace however, you will find both OAuth 1 and OAuth 2 defined for our NetSuite connector. You can install this for comparison.
Last updated