OAuth 1
This page is in development.
OAuth 1.0 involves the use of cryptographic signatures for message integrity and verification. It requires the consumer (in this case, Patchworks) to sign API requests using a consumer secret, which is provided by the service provider. The service provider verifies these signatures to ensure the integrity of the requests.
Patchworks supports the following signature methods:
HMAC-SHA256
OAuth 1.0 has been largely superseded by OAuth 2.0.
It can be useful to compare how existing connectors have been configured for OAuth 1 authentication.
Since OAuth 2 has largely taken over from OAuth 1, there aren't many examples in the Patchworks marketplace. However, you will find both OAuth 1 and OAuth 2 defined for our NetSuite connector. You can install this for comparison.
Here's how OAuth 1 authentication works:
1. Consumer registration (Resource owner/user): The Patchworks customer completes the consumer registration process with the third-party application service provider. During registration, the consumer obtains a unique consumer key and consumer secret.
2. User initiation (Resource owner/user): The user initiates the authorisation process by clicking on a login or authorisation button in the client application - in this case, when adding a Patchworks connector instance.
3. Token request (Consumer/client (Patchworks)): A request is sent to the service provider's token endpoint. This request includes a signature (generated by Patchworks), the consumer key, and a callback URL (where the user will be redirected after authentication).
4. User authentication (Service provider/authorisation server): The service provider validates the request and authenticates the user. If the user is not already logged in, they are prompted to enter their credentials on the service provider's website.
5. Request token issued (Service provider/authorisation server): After successful authentication, the service provider issues a request token, confirming approved access for Patchworks to access the user's resources.
6. User authorisation (Resource owner/user): The user is presented with a permission prompt by the service provider. The prompt explains what access the consumer is requesting and asks the user to grant or deny permission.
7. Redirect to consumer (Service provider/authorisation server): When the user grants permission, the service provider redirects the user back to the Patchworks callback URL, together with the request token and additional parameters.
8. Access token request (Consumer/client (Patchworks)): Patchworks receives the request token and sends a request to the service provider's token endpoint, including the request token, consumer key, signature, and other necessary parameters. Note that the signature is the same signature that was used in step 3.
9. Access token issued (Service provider/authorisation server): The service provider validates the request token and consumer credentials. If everything is OK, the service provider issues an access token and an access token secret to Patchworks.
10. Resource access (Consumer/client (Patchworks)): The consumer can include the access token in API requests to the service provider, to access the user's protected resources.
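The request signing and provider-side verification described at the top of this page (and used in steps 3 and 4), shown as an added example that is not Patchworks or service-provider code: it builds the signature base string as RFC 5849 defines it and signs it with HMAC-SHA256. The URL, consumer key, secret, nonce and timestamp are constructed sample values, and the URL is assumed to carry no query string or explicit port.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote, urlsplit

def pct(value):
    # RFC 5849 percent-encoding: only unreserved characters stay unescaped
    return quote(value, safe="-._~")

def base_string(method, url, params):
    # Assumption: url has no query string and no explicit port
    parts = urlsplit(url)
    base_uri = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    # Encode names and values first, then sort, then join
    pairs = sorted((pct(k), pct(v)) for k, v in params.items()
                   if k != "oauth_signature")
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(base_uri), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    # Key is "consumer_secret&token_secret"; token secret is empty until issued
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base_string(method, url, params).encode(),
                      hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def verify(method, url, params, consumer_secret, token_secret=""):
    # Provider side: recompute the signature and compare in constant time
    expected = sign(method, url, params, consumer_secret, token_secret)
    supplied = params.get("oauth_signature", "")
    return hmac.compare_digest(expected.encode(), supplied.encode())

# Constructed sample values, not real credentials or endpoints
URL = "https://provider.example/oauth/request_token"
SECRET = "constructed-consumer-secret"
request = {
    "oauth_consumer_key": "constructed-consumer-key",
    "oauth_signature_method": "HMAC-SHA256",
    "oauth_timestamp": "1700000000",
    "oauth_nonce": "constructed-nonce-1",
    "oauth_version": "1.0",
    "oauth_callback": "https://consumer.example/callback",
}
request["oauth_signature"] = sign("POST", URL, request, SECRET)

tampered = dict(request, oauth_callback="https://other.example/callback")
print(verify("POST", URL, request, SECRET), verify("POST", URL, tampered, SECRET))  # True False
```

Because the callback URL is part of the signed parameters, changing it in transit invalidates the signature, which is the integrity property the provider relies on when it validates the request.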