Skip to main content

OAuth1 Authentication

OAuth1 is an older authorization protocol that requires signature-based request authentication. It is rarely used in modern APIs, but some legacy systems still require it.

Overview

OAuth1 authentication provides a secure way for applications to access user data without exposing user credentials. It uses a complex signature-based mechanism to secure each request.

Connector Definition

Example OAuth1 connector definition:

getOAuthConfig

Returns OAuth1 configuration used to build the authorization URL and token exchange. Supported implementation types

Configuration Parameters

ParameterDescription
consumerKeyThe OAuth1 consumer key (from connector parameters)
consumerSecretThe OAuth1 consumer secret
requestTokenUriThe endpoint for obtaining a request token
authorizeUriThe endpoint where users are redirected to authenticate
tokenUriThe endpoint for exchanging the request token for an access token
extraAdditional parameters to add to the authorize request

OAuth1 Flow

The OAuth1 flow in Membrane follows these steps:
  1. User initiates authentication
  2. Membrane requests a temporary token using the consumer key/secret
  3. User is redirected to the service’s authorization page with this token
  4. User authenticates and grants permissions
  5. Service redirects back to Membrane with a verification code
  6. Membrane exchanges this code for access tokens
  7. The tokens are stored as connection credentials
  8. Membrane uses these tokens to make signed API requests