Sep 26th, 2011, 04:38 AM
why do we need both access token and request token?
I don’t understand why do we need both access token and request token. Wouldn’t having only access token be sufficient enough?
For example, in the Oauth workflow I read from hueniverse:http://hueniverse.com/oauth/guide/workflow/
beppa(client) can just redirects Jane(resource owner) to faji(server) on its behalf and get the access token after Jane logs in to faji. Can someone please tell me why? Thanks!!
Sep 26th, 2011, 04:49 AM
I'm not sure if this is correct. I googled it a bit more, and it sounds like request token is used by the client to identify itself to the server. Is that right?