OAuth Spec: why do some implementations return an access_token + access_token_secret and others just an access token? -


case in point:

the facebook https://graph.facebook.com/oauth/access_token endpoint, in handing off code access token, returns access_token , expires. instagram seems same.

on other hand, twitter https://api.twitter.com/oauth/access_token returns both access_token , access_token secret.

subsequently, when accessing facebook api endpoints, send access_token request. on other hand, accessing twitter endpoints requires signing request secret well.

the reason ask: i'm implementing own oauth web app api, , make sure conform standards. designed act twitter, don't understand why facebook & instagram act in way do.

facebook , instagram use oauth 2.0 protocol whereas twitter uses oauth 1.0a protocol. posts here , here may understand differences.


Comments

Popular posts from this blog

c++ - llvm function pass ReplaceInstWithInst malloc -

Cross-Compiling Linux Kernel for Raspberry Pi - ${CCPREFIX}gcc -v does not work -

java.lang.NoClassDefFoundError When Creating New Android Project -