The last post on Skiyo blog was posted about the HTML web page tutorial

Just use the example to give an example. But I didn’t elaborate on the protocol…

Today Skiyo will introduce the difference and improvement between 1.0a and 1.0.

The premise is that you have already seen the agreement. Have a simple understanding of the deal.

The improvements in 1.0a mainly include advanced HTML tutorial and the following:

1. 0auth_callback parameter is placed in the request Token. The callback parameter is no longer accepted in authorizing. At the same time, when the request Token returns the parameter, the oauth_callback_confirmed parameter is also added. The value must be true.

At 1.0, Skiyo team need to specify a callback address and coding for HTML tutorial. Skiyo Blog need to bring in the callback parameter when requesting authorize. Then use it for user authorization and return.

In 1.0a, the parameter of this oauth_callback becomes a mandatory parameter. And the address must be placed in the first request Request Token. Also as a parameter of base_string if the callback address of the third-party application does not exist or is otherwise impossible An application with a callback address (such as a desktop application). This parameter must be [oob] (the content in square brackets is case sensitive). If the server receives it, you need to add an oauth_callback_confirmed parameter. The value must be [true] (in the brackets).

2. After the authorization is over, increase the oauth_verifier parameter.

After the authorization is successful in 1.0, jump directly into the callback to obtain the Access Token operation.

In 1.0a, after the authorization is successful, the server will return a parameter named oauth_verifier. It is used as the necessary parameter to get the Access Token in the next step.

If the third-party application does not have a callback address, the server needs to display the oauth_verifier parameter and inform the user that it needs to authenticate to the third-party application manually. The service provider needs to ensure that the value is available on some individual devices (such as mobile phones) — manual input.

This parameter is not needed during future request API validation.

Ok. I know the difference is so much. If you have any difference, you can tell me to supplement it or read our HTML web page tutorial.

Also, the 1.0a protocol is now obsolete. Because OAuth already has a formal 1.0 protocol and has become the RFC5849 standard.

Leave a Reply