The following explanation is designed as an interactive walkthrough with customizable inputs. Next to each set of inputs you will find an expand [+] icon allowing you to change the example and see how such changes affect the intermediate and final results. To expand the forms, click on the [+] icons which will open the form or click again to collapse. Making changes to the pre-filled values will immediately change the walkthrough content. You can also adjust the default values the example starts with by choosing from one of the pre-configured use cases.

[iframe 640 5000]

16 thoughts on “Authentication

  1. thanks for taking the time to write this article. i had to read some of twiters oauth stuff to get to a point where i understood this article, but that just shows how concise it was. thank you.

  2. fantastic – I appreciated that you took the time to explain concepts like hashing and utf-8 encoding along the way. Excellent article!

  3. Is the base string correct?

    The & after the method is not URL encoded yet the rest of the string is????

  4. “OAuth does not allow any other parameter to use the ‘oauth_’ prefix.” – this contradicts the last bullet of Appendix A of the RFC, I believe.

    Thanks for this great resource!

  5. “The Signature Base String includes the request absolute URL, tying the signature to a specific endpoint. The URL used in the Signature Base String MUST include the scheme, authority, and path, and MUST exclude the query and fragment as defined by [RFC3986] section 3.”

    But on this page if one adds a query string in the Request Path the parameters are not excluded.

Comments are closed.