Hi *,

I'm trying to figure out how to implement OAuth for my own site, and something is still not completely clear. For example, I need to authenticate a certain class of users (site administrators) for a management interface. These users can see every kind of data and have read/write permissions on basically everything. Obviously, authentication and authorization are critical. This interface should basically authenticate against the main site with username and password and check for a given flag.

If I understood OAuth correctly, the workflow is:

1) The user points to foo.bar.com
2) foo.bar.com contacts bar.com and asks the user to log in, if the user isn't already
3) If the credentials are right, bar.com asks the user whether the application foo.bar.com can use his data; if the credentials are wrong, the user is redirected to a bar.com page
4) foo.bar.com queries the account of the user and checks if he is an administrator

Is this correct?

Another question I have is what happens when the user connects after some time: is he already authenticated, or is it just a matter of setting some kind of expiration time for the token?

thanks in advance,
ngw
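An added example, not from the poster or any OAuth library: an in-memory model of the four-step exchange listed above, with bar.com as the token issuer and foo.bar.com as the management interface, including the token-expiry check the last question asks about. The class names, the TOKEN_TTL value and the user records are constructed for this illustration.

```python
import secrets

TOKEN_TTL = 3600  # assumed token lifetime in seconds (constructed value)


class Provider:
    """Stand-in for bar.com: holds accounts, issues and validates access tokens."""

    def __init__(self, users):
        # username -> {"password": str, "admin": bool}; a real site stores a
        # password hash rather than the password itself (simplified here)
        self.users = users
        self.tokens = {}  # token -> {"user": str, "expires": int}

    def login_and_consent(self, username, password, consent, now):
        # Steps 2 and 3: verify the credentials, then require the user's
        # approval for foo.bar.com before any token is issued.
        account = self.users.get(username)
        if account is None or not secrets.compare_digest(account["password"], password):
            return None  # wrong credentials: the user lands back on a bar.com page
        if not consent:
            return None  # user declined to let the application use his data
        token = secrets.token_urlsafe(32)  # unguessable, expires after TOKEN_TTL
        self.tokens[token] = {"user": username, "expires": now + TOKEN_TTL}
        return token

    def account_info(self, token, now):
        # Step 4: the application presents the token to read the account.
        # An unknown or expired token yields nothing, so the user has to
        # go through steps 2 and 3 again instead of staying logged in forever.
        entry = self.tokens.get(token)
        if entry is None or now >= entry["expires"]:
            self.tokens.pop(token, None)
            return None
        return {"user": entry["user"], "admin": self.users[entry["user"]]["admin"]}


class ManagementApp:
    """Stand-in for foo.bar.com: admits only a live token whose account carries the admin flag."""

    def __init__(self, provider):
        self.provider = provider

    def is_admin_session(self, token, now):
        info = self.provider.account_info(token, now)
        return info is not None and info["admin"] is True
```

The `now` argument is passed explicitly so expiry can be exercised deterministically; a deployment would use the clock.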