oauth-provider is a web-framework agnostic library for building server applications with OAuth authentication. Only the OAuth 1.0 standard is currently supported.
To use oauth-provider, pick an integration package from the list below depending on you web-framework of choice. Typical usage involves the following steps:
- Build up an
OAuthConfigurationvalue for either 1-, 2-, or 3-legged authentication.
- This entails building up various monadic actions for looking up the token secrets, generating token/secret pairs, checking timestamp and nonce for uniqueness, etc...
- Route requests for generating request tokens or access tokens to the provided functions:
- The 1-legged flow uses neither request tokens nor access tokens for authentication, but only the consumer token.
twoLeggedAccessTokenRequestfor 2-legged authentication
threeLeggedAccessTokenRequestfor 3-legged authentication
- Route all requests to "protected" resources via the
authenticatedfunction, which takes care of checking the request for valid authentication credentials.
oauth-provider is not tied to any specifc web-framework. It rather aims to provide the building blocks for building web-framework specific integration packages.
There are integrations packages (including examples) for the following 2 web-frameworks: