OAuth service

This is the @freeXRI OAuth service endpoint. It allows external applications to access a user's i-name configuration on their behalf, in order to enable third party i-services.

Here you can find some information on how the OAuth protocol is used for this purpose.

Consumer Key and Consumer Secret

The OAuth protocol uses a Consumer Key and Consumer Secret for establishing the identity of a Consumer site, but it does not specify how those are obtained.

In our case, Consumers do not have to pre-register with our service. Instead we define a "Static Consumer" with the following credentials:

• Consumer Key: PUBLIC
• Consumer Secret: (empty string)

Obtaining an Unauthorized Request Token

The @freeXRI Request Token URL is http://oauth.freexri.com/oauth-obtain/.

When obtaining a Request Token, we support the following additional parameters in the OAuth request:

• xri_operation: This specifies the nature of the operation to be performed on a user's i-name configuration. Currently the following values for this parameter are supported:
  • xri_add_service: This adds a new SEP (service endpoint) to a user's i-name configuration.
• xri_iname: This is a user's i-name or i-number. The above operation will be performed on the configuration of this i-name or i-number.
• xri_service: If the value of the xri_operation parameter is xri_add_service, then this parameter holds the XML code of the SEP (service endpoint) to be added.

Obtaining User Authorization

The @freeXRI User Authorization URL is http://oauth.freexri.com/oauth-authorize/.

When redirecting to this URL, the user will be asked to authorize the requested operation.

Obtaining an Access Token

The @freeXRI Access Token URL is http://oauth.freexri.com/oauth-exchange/.

After the user has authorized a requested operation, the Request Token can be exchanged for an Access Token.

Accessing Protected Resources

After an Access Token has successfully been obtained, the final step is to execute the operation that has been requested in the first step.

The @freeXRI URL for executing an Access Token is http://oauth.freexri.com/oauth-execute/.

An OAuth request to this URL must be made only once, must include the usual OAuth parameters of the Accessing Protected Resources step, and must not include additional parameters.

After this final OAuth request succeeds, the Access Token is invalidated and cannot be used again.

More information

For more information about the OAuth protocol, please see the following sites:

• OAuth Home