Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why does OAuth provide both an access token and an access token secret? Why not just a single value?

Tags:

oauth

Why does OAuth include both an access token and an access token secret as two separate values? As a consumer or OAuth, all of the recommendations that I have seen indicate that I should store the token and secret together and essentially treat them as one value.

So why does the specification require two values in the first place?

like image 913
John Bledsoe Avatar asked Apr 29 '10 20:04

John Bledsoe


1 Answers

Actually, the access token secret is never transmitted to the provider. Instead, requests transmit the access token, and then use the secret to sign the request. That is why you need both: one to identify, and one to secure

like image 115
yydl Avatar answered Sep 28 '22 10:09

yydl