Ffffound! OAuth

OAuth is a new specification for 3rd-party authentication of web services. Read more about it at oauth.net. This OAuth implementation is a demonstration showing how an existing web service such as Ffffound! might support the OAuth to allow 3rd parties to accept and modify user data. See OAuth Implementor's Draft for an explanation. Contact me at mike-ffffound@teczno.com if something here is not working; my testing has been limited.

Endpoints

These endpoints correspond to those found in the spec.

  1. http://ffffound.teczno.com/auth/request-token
    (see 6.1: Obtaining an Unauthorized Request Token)
  2. http://ffffound.teczno.com/auth/authorize
    (see 6.2: Obtaining User Authorization)
  3. http://ffffound.teczno.com/auth/exchange-token
    (see 6.3: Obtaining an Access Token)

Keys & Secrets

Because we aren't interested in pre-approving API consumers, the corresponding consumer key and consumer secret values defined by OAuth are the same for all consumers.

Consumer key
ffffound-oauth-consumer-key, one for all consumers.
Consumer secret
ffffound-oauth-consumer-secret, one for all consumers.