> ## Documentation Index
> Fetch the complete documentation index at: https://docs.membrane.agency/llms.txt
> Use this file to discover all available pages before exploring further.

# OAuth1

# OAuth1 Authentication

OAuth1 is an older authorization protocol that requires signature-based request authentication. It is rarely used in modern APIs, but some legacy systems still require it.

## Overview

OAuth1 authentication provides a secure way for applications to access user data without exposing user credentials. It uses a complex signature-based mechanism to secure each request.

## Connector Definition

Example OAuth1 connector definition:

```yaml theme={null}
# Connector definition: OAuth1 authentication with signature-based requests
type: oauth1

# OAuth1 configuration: consumer credentials and endpoints
getOAuthConfig:
  type: mapping
  mapping:
    consumerKey:
      $var: connectorParameters.consumerKey
    consumerSecret:
      $var: connectorParameters.consumerSecret
    requestTokenUri: https://api.example.com/oauth/request_token
    authorizeUri: https://api.example.com/oauth/authorize
    tokenUri: https://api.example.com/oauth/access_token
    extra:
      custom_param: value

# API client configuration
makeApiClient:
  type: mapping
  mapping:
    baseUri: https://api.example.com

# Connection test
test:
  type: javascript
  code: |
    export default async function ({ apiClient }) {
      const user = await apiClient.get("/user")
      return user.id !== undefined
    }
```

## getOAuthConfig

Returns OAuth1 configuration used to build the authorization URL and token exchange.

**Supported implementation types**

* [Mapping](/docs/references/functions/function-types/mapping)
* [Javascript](/docs/references/functions/function-types/javascript)

### Configuration Parameters

| Parameter         | Description                                                       |
| ----------------- | ----------------------------------------------------------------- |
| `consumerKey`     | The OAuth1 consumer key (from connector parameters)               |
| `consumerSecret`  | The OAuth1 consumer secret                                        |
| `requestTokenUri` | The endpoint for obtaining a request token                        |
| `authorizeUri`    | The endpoint where users are redirected to authenticate           |
| `tokenUri`        | The endpoint for exchanging the request token for an access token |
| `extra`           | Additional parameters to add to the authorize request             |

## OAuth1 Flow

The OAuth1 flow in Membrane follows these steps:

1. User initiates authentication
2. Membrane requests a temporary token using the consumer key/secret
3. User is redirected to the service's authorization page with this token
4. User authenticates and grants permissions
5. Service redirects back to Membrane with a verification code
6. Membrane exchanges this code for access tokens
7. The tokens are stored as connection credentials
8. Membrane uses these tokens to make signed API requests
