I want to implement OAuth 1 in my website and I was just wondering if I have to change the request token once it was exchanged to an access token?
Thanks in advance
Request tokens are meant to be temporary and unique. After giving one out, you should forget all about it once either a) a few minutes have passed or b) it was used to request an access token. Allowing reuse of request tokens would open you up to HTTP replay attacks.
Section 6 of the OAuth 1.0 spec spells this out:
Request Token: Used by the Consumer to ask the User to authorize access to the Protected Resources. The User-authorized Request Token is exchanged for an Access Token, MUST only be used once, and MUST NOT be used for any other purpose. It is RECOMMENDED that Request Tokens have a limited lifetime.
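A server-side sketch of the single-use, limited-lifetime rule quoted above, added here as an example and not part of the original answer or of the OAuth spec. The `RequestTokenStore` class, the 300-second lifetime and the in-memory dict are assumptions; OAuth signature verification is assumed to happen before these calls.

```python
import secrets
import threading
import time

REQUEST_TOKEN_TTL = 300  # seconds; assumed value for "a few minutes"


class RequestTokenStore:
    """In-memory store of pending request tokens (hypothetical helper)."""

    def __init__(self, ttl=REQUEST_TOKEN_TTL, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._lock = threading.Lock()
        self._pending = {}  # token -> {"consumer", "expires", "user"}

    def issue(self, consumer_key):
        token = secrets.token_urlsafe(32)  # unique and unguessable
        with self._lock:
            self._pending[token] = {"consumer": consumer_key,
                                    "expires": self._clock() + self._ttl,
                                    "user": None}
        return token

    def authorize(self, token, user_id):
        """Record the user's approval; fails for unknown or expired tokens."""
        with self._lock:
            entry = self._pending.get(token)
            if entry is None or self._clock() >= entry["expires"]:
                self._pending.pop(token, None)  # forget expired tokens
                return False
            entry["user"] = user_id
            return True

    def exchange(self, token, consumer_key):
        """Return (access_token, user_id), or None if the exchange is refused."""
        with self._lock:
            # pop() consumes the token atomically, so a replayed or concurrent
            # second exchange finds nothing, whatever the first one returned.
            entry = self._pending.pop(token, None)
        if entry is None or self._clock() >= entry["expires"]:
            return None
        if entry["user"] is None or entry["consumer"] != consumer_key:
            return None
        return secrets.token_urlsafe(32), entry["user"]
```

In a multi-process deployment the same consume-on-read step needs an atomic delete in the shared datastore rather than a local lock.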