OAuth Spec: why do some implementations return an access_token + access_token_secret and others just an access token? -


case in point:

the facebook https://graph.facebook.com/oauth/access_token endpoint, in handing off code access token, returns access_token , expires. instagram seems same.

on other hand, twitter https://api.twitter.com/oauth/access_token returns both access_token , access_token secret.

subsequently, when accessing facebook api endpoints, send access_token request. on other hand, accessing twitter endpoints requires signing request secret well.

the reason ask: i'm implementing own oauth web app api, , make sure conform standards. designed act twitter, don't understand why facebook & instagram act in way do.

facebook , instagram use oauth 2.0 protocol whereas twitter uses oauth 1.0a protocol. posts here , here may understand differences.


Comments

Popular posts from this blog

get url and add instance to a model with prefilled foreign key :django admin -

css - Make div keyboard-scrollable in jQuery Mobile? -

ruby on rails - Seeing duplicate requests handled with Unicorn -