.. include:: common.rst

OAuth
=====

.. http:post:: /api/oauth/request_token

  Allows a Consumer application to obtain an OAuth Request Token to request user
  authorization. This method fulfills Section 6.1 of the OAuth 1.0
  authentication flow. It is strongly recommended you use HTTPS for all OAuth
  authorization steps.

  :form oauth_callback: URL for callback or ``oob``
  :reqheader Authorization: |oauth|

  **Example response**::

    oauth_token=b41de9b1026dfa4506f043f3c50fea21&oauth_token_secret=29f365bba6ccd55d72703f75ee1fhb1f&oauth_callback_confirmed=true

.. http:get:: /api/oauth/authorize

  Allows a Consumer application to use an OAuth Request Token to request user
  authorization. This method fulfills Section 6.2 of the OAuth 1.0
  authentication flow.

  :query string oauth_token: |oauth|

  In response you will get a web page to allow access for an application. After
  allowing it, you will get a security code.

.. http:post:: /api/oauth/access_token

  Allows a Consumer application to exchange the OAuth Request Token for an OAuth
  Access Token. This method fulfills Section 6.3 of the OAuth 1.0 authentication
  flow. The OAuth access token may also be used for xAuth operations.

  :reqheader Authorization: |oauth|

  **Example response**::

    oauth_token=fb05a0d00257gf0e1cb39f0c8d59575e&oauth_token_secret=ab78cf28ca6536ae78f4082d4e1a0331

.. todo:: research /api/oauth/authenticate