OAuth 1.0


OAuth 1.0 is an open standard for delegated authorization: it lets a user grant a third-party application limited access to their resources on a service without handing over their username and password. Introduced in 2007 and later published as RFC 5849, it lets an application call an API on behalf of a user by presenting a set of tokens instead of the user's login credentials. The core components of OAuth 1.0 are:

  • The consumer (Gravity, the application that calls the API on the user's behalf)

  • The service provider (the system being connected to, which hosts the API and the user's resources)

  • The user (the resource owner)

The process involves obtaining a request token, having the user authorize that token, and then exchanging it for an access token, which is used to sign requests for the protected resources.

The OAuth 1.0 workflow consists of several steps:

  1. The consumer requests a temporary request token from the service provider, signing that request with its consumer key and consumer secret.

  2. The consumer redirects the user to the service provider's authorization page, where the user logs in and grants the requested permissions. The provider then sends the user back to the consumer, carrying a verification code (oauth_verifier in OAuth 1.0a / RFC 5849).

  3. The consumer exchanges the authorized request token and the verification code for an access token and token secret, which are then used to sign authenticated API requests.

OAuth 1.0 never sends the secrets themselves with a request. Instead, every request carries a signature (usually HMAC-SHA1) computed over the HTTP method, the request URL and the normalized request parameters, keyed with the consumer secret and the token secret. A service provider that recomputes the signature detects any tampering with the signed parts of the request, and the mandatory oauth_nonce and oauth_timestamp parameters let it reject a replay of a request it has already accepted. Two caveats: the request body is only covered when it consists of form-encoded parameters, and the signature provides integrity, not confidentiality, so TLS is still required.

Despite its security benefits, OAuth 1.0 has been largely superseded by OAuth 2.0, which drops per-request signing in favour of bearer tokens sent over TLS and offers a simpler workflow and more flexibility.

Setting up OAuth 1.0

Despite OAuth 1.0 being mostly phased out, we do retain support for it. Setting up OAuth 1.0 is largely automatic; the following arguments are required by default:

  • Consumer Key (identifies Gravity to the service provider)

  • Consumer Secret (never sent on the wire; used only to sign requests)

  • Access Token (identifies the user's grant to the service provider)

  • Token Secret (never sent on the wire; used only to sign requests)

  • Realm (sent in the Authorization header; not part of the signature)

Each of these is required when setting up a workflow with this app. Because the access token and token secret are supplied at setup time, the authorization steps described above are expected to have been completed already (for example in the service provider's developer console); Gravity then uses these credentials to sign each request. You can also add custom arguments (see Auth Fundamentals) and custom mappers as needed.