OAuth

Ursula is a photographer, and she loves the photo house called Sophia’s. The place is nice and clean, the service is superb, and the price is reasonable. Since Ursula’s freelance business is doing pretty well, she uses Sophia’s quite often and enjoys a 20% discount as part of their VIP program.

It’s Christmas time, and Ursula receives lots of orders to take family portraits in customers’ houses. Running around like crazy to fulfill all the orders, she can no longer visit Sophia’s to pick up the finished prints.

There is this super nice and considerate customer named Claire who offers to pick up the prints on her own from Sophia’s. Ursula loves this idea. However, there is one problem. Sophia’s treats privacy very seriously. They would not allow anyone to pick up Ursula’s prints without Ursula’s driver’s license. Ursula obviously cannot give Claire her driver’s license because, well, there is simply not enough trust here, and asking Claire to later return the driver’s license is also too much.

Ursula checks with Sophia’s about this situation, and is happy to find out there is another way to delegate access to her prints. She just needs to follow this procedure.

  1. Make sure Claire is registered at Sophia’s. This ensures that if Claire does something bad, Sophia’s can track her down. This is a one-time process.

  2. If Claire is indeed on file at Sophia’s, when she is ready to come in and pick up the pictures, she needs to have something called the Access Token. The Access Token basically says which resource the token holder is authorized to access and during which time period. In this case, it should say the holder is authorized to pick up Ursula’s prints on her behalf.

  3. To get the Access Token, Claire needs a Request Token endorsed by Ursula for exchange. She first calls Sophia’s to get a general Request Token. Based on instructions on the Request Token, Claire asks Ursula to call Sophia’s directly to validate this Request Token. When the validation is successful, Sophia’s asks Ursula to call Claire and tell her the Request Token is now endorsed.

  4. With the endorsed Request Token, Claire then calls Sophia’s to exchange it for a long-term Access Token.

  5. With the Access Token, Claire can visit Sophia’s at any time before the token expires to get the prints as authorized by Ursula.
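The five steps above map onto the three-legged OAuth flow: client registration, an unauthorized request token, endorsement by the resource owner, exchange for an access token, and scoped, time-limited access to the resource. The following is an added toy model of that flow, not code from the original post or from any OAuth library. The `Sophias` provider class, the participant names, the `prints:read` scope string and the simplified token format are all assumptions made for the illustration; real OAuth adds request signing and transport protections that are left out here so the sequence of checks stays visible.

```python
import secrets
import time
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass
class RequestToken:
    expires_at: float
    owner: Optional[str] = None      # set when the resource owner endorses it
    verifier: Optional[str] = None   # handed to the owner, relayed to the client


@dataclass
class AccessToken:
    client: str
    owner: str
    scope: str                       # which resource the holder may touch
    expires_at: float


class Sophias:
    """The service provider from the story: keeps the prints, issues tokens (assumed design)."""

    def __init__(self, clock=time.time, access_ttl=3600, request_ttl=600):
        self.clock = clock
        self.access_ttl = access_ttl
        self.request_ttl = request_ttl
        self.clients: Set[str] = set()                       # step 1: who is on file
        self.request_tokens: Dict[str, RequestToken] = {}
        self.access_tokens: Dict[str, AccessToken] = {}
        # Constructed sample data: prints waiting for pick-up, keyed by owner.
        self.prints = {"ursula": ["portrait_01.jpg", "portrait_02.jpg"]}

    def register_client(self, client: str) -> None:
        self.clients.add(client)

    def issue_request_token(self, client: str) -> str:
        # Step 3a: only a registered client may start, which keeps misuse traceable.
        if client not in self.clients:
            raise PermissionError("unregistered client")
        tok = secrets.token_urlsafe(16)
        self.request_tokens[tok] = RequestToken(self.clock() + self.request_ttl)
        return tok

    def authorize(self, owner: str, request_token: str) -> str:
        # Step 3b: the owner endorses directly with the provider, so her own
        # credential (the driver's license) never passes through the client.
        rt = self.request_tokens.get(request_token)
        if rt is None or rt.expires_at < self.clock() or rt.owner is not None:
            raise PermissionError("unknown, expired or already endorsed request token")
        rt.owner = owner
        rt.verifier = secrets.token_urlsafe(8)
        return rt.verifier                # the owner relays this to the client

    def exchange(self, client: str, request_token: str, verifier: str) -> str:
        # Step 4: endorsed request token plus verifier becomes an access token.
        # The request token is consumed so it cannot be exchanged twice.
        rt = self.request_tokens.pop(request_token, None)
        if rt is None or rt.owner is None or rt.expires_at < self.clock():
            raise PermissionError("request token not endorsed")
        if not secrets.compare_digest(rt.verifier, verifier):
            raise PermissionError("verifier mismatch")
        tok = secrets.token_urlsafe(16)
        self.access_tokens[tok] = AccessToken(
            client, rt.owner, "prints:read", self.clock() + self.access_ttl)
        return tok

    def get_prints(self, access_token: str) -> List[str]:
        # Step 5: every access re-checks validity, expiry and scope.
        at = self.access_tokens.get(access_token)
        if at is None or at.expires_at < self.clock():
            raise PermissionError("invalid or expired access token")
        if at.scope != "prints:read":
            raise PermissionError("token lacks prints:read scope")
        return list(self.prints[at.owner])


class FakeClock:
    """Adjustable clock so expiry can be exercised without waiting."""
    def __init__(self, now: float = 0.0):
        self.now = now

    def __call__(self) -> float:
        return self.now


def run_flow(provider: Sophias) -> str:
    """Walk the steps with Claire as the client and Ursula as the resource owner."""
    provider.register_client("claire")                       # step 1
    req = provider.issue_request_token("claire")             # step 3, client side
    verifier = provider.authorize("ursula", req)             # step 3, owner side
    return provider.exchange("claire", req, verifier)        # step 4


def rejects(action, *args) -> bool:
    """True when the provider refuses the action with PermissionError."""
    try:
        action(*args)
    except PermissionError:
        return True
    return False
```

Running `run_flow` against a `Sophias` instance and then calling `get_prints` with the returned token plays out the happy path; the checks worth noticing are the ones that refuse: an unregistered client cannot obtain a request token, a request token that Ursula never endorsed cannot be exchanged, and an access token stops working once its lifetime has passed, exactly the properties steps 1, 3 and 5 of the story rely on.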