I want to implement OAuth 1 in my website and I was just wondering if
I have to change the request token once it has been exchanged for an access token?
Thanks in advance.
Request tokens are meant to be temporary and unique. After giving one out, you should forget all about it once either a) a few minutes have passed or b) it was used to request an access token. Allowing reuse of request tokens would open you up to HTTP replay attacks.
Section 6 of the OAuth 1.0 spec spells this out:
Request Token: Used by the Consumer to ask the User to authorize access to the Protected Resources. The User-authorized Request Token is exchanged for an Access Token, MUST only be used once, and MUST NOT be used for any other purpose. It is RECOMMENDED that Request Tokens have a limited lifetime.
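A sketch of the server-side behaviour the answer describes, added here as an example and not part of the original answer: a request token is removed on its first exchange attempt and rejected once its lifetime has passed. The names `RequestTokenStore` and `REQUEST_TOKEN_TTL`, the 300-second lifetime and the in-memory dict are assumptions, and OAuth signature verification is assumed to have happened before `exchange()` is called.

```python
import secrets
import time

REQUEST_TOKEN_TTL = 300  # seconds; assumed value for "a few minutes"


class RequestTokenStore:
    """In-memory store of outstanding request tokens (hypothetical helper)."""

    def __init__(self, ttl=REQUEST_TOKEN_TTL, clock=time.monotonic):
        self._ttl = ttl
        self._clock = clock
        self._pending = {}  # token -> secret, consumer, expiry, authorizing user

    def issue(self, consumer_key):
        """Hand out a fresh, unguessable request token and secret."""
        token, secret = secrets.token_urlsafe(16), secrets.token_urlsafe(32)
        self._pending[token] = {"secret": secret, "consumer": consumer_key,
                                "expires": self._clock() + self._ttl, "user": None}
        return token, secret

    def authorize(self, token, user_id):
        """Record the user's approval; expired tokens are purged and refused."""
        entry = self._pending.get(token)
        if entry is None or entry["expires"] <= self._clock():
            self._pending.pop(token, None)
            return False
        entry["user"] = user_id
        return True

    def exchange(self, token, consumer_key):
        """Swap an authorized request token for an access token, once only."""
        # pop() forgets the token before any other check, so a replayed
        # request (or a retry after a failed one) never finds it again.
        entry = self._pending.pop(token, None)
        if entry is None:
            return None  # unknown, purged, or already used
        if entry["expires"] <= self._clock():
            return None  # lifetime exceeded
        if entry["user"] is None:
            return None  # the user never authorized it
        if not secrets.compare_digest(entry["consumer"], consumer_key):
            return None  # issued to a different consumer
        return {"access_token": secrets.token_urlsafe(16),
                "access_secret": secrets.token_urlsafe(32),
                "user": entry["user"]}
```

In a multi-process deployment the same single-use guarantee needs an atomic delete-and-return in the shared store rather than a per-process dict.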