xAuth is a simplified version of OAuth. Currently, xAuth is only available for desktop and mobile clients; web applications should use OAuth. xAuth is designed to improve the client's user experience by reducing the number of page redirects. Desktop and mobile applications that use xAuth authentication can skip oauth/request_token (GET request
After providing the username and password, you can obtain the access token through the oauth/access_token interface, and then use this access token to obtain data.
The disadvantage of xAuth is that it exposes the username and password to a third-party application. For that reason, xAuth is only available to applications with special authorization on the open platform: the xAuth permission is granted to a client only when the open platform fully trusts the application.
1. Construct a base string from the following parameters:
* x_auth_username: the username (that is, the email address the user uses for Sina pass).
* x_auth_password: the password.
* x_auth_mode: the mode identifier, which must be "client_auth".
* oauth_consumer_key: the app key generated when the application is created.
* oauth_signature_method: the signature method. We recommend "HMAC-SHA1".
* oauth_timestamp: the timestamp at which the base string is generated.
* oauth_nonce: a random string used only once, to prevent replay attacks.
* oauth_version: the OAuth protocol version. Enter "1.0".
The generated base string looks like this:
Post & HTTP % 3A % 2f % token % 2 foauth % 2faccess_token & token % 26oauth_nonce % 3d-794036333% signature % 3dhmac-sha1% 26oauth_timestamp % signature % 26oauth_version % 3d1. 0% 26 Source % 3d1852823608% 26x_auth_mode % 3dclient_auth % 26x_auth_password % 3d ------ % 26x_auth_username % 3d --------- % 2540sina.cn
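Here, %2540sina.cn is the encoded form of @sina.cn (the "@" becomes %40 when the parameter is encoded, and the "%" becomes %25 when the parameter string is encoded again into the base string).
2. Use the base string to generate oauth_signature with the HMAC-SHA1 algorithm. For example:
iviihhwxwmfllizbedosyq+xc1o=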
3. Put the following parameters into an HTTP request header and submit a POST request to the oauth/access_token interface:
* x_auth_username: the username (that is, the email address the user uses for Sina pass).
* x_auth_password: the password.
* x_auth_mode: the mode identifier, which must be "client_auth".
* oauth_consumer_key: the app key generated when the application is created.
* oauth_signature_method: the signature method. We recommend "HMAC-SHA1".
* oauth_timestamp: the timestamp at which the base string is generated.
* oauth_nonce: a random string used only once, to prevent replay attacks. This parameter only supports ASCII strings.
* oauth_version: the OAuth protocol version. Enter "1.0".
* oauth_signature: the signature value, calculated with the HMAC-SHA1 algorithm over the base string built from the parameters above.
OAuth
oauth_consumer_key="1852823608",
oauth_signature_method="HMAC-SHA1",
oauth_timestamp="1291944694",
oauth_nonce="-794036333",
oauth_version="1.0",
oauth_signature="iviihhwxwmfllizbedosyq%2bxc1o%3d",
source="1852823608",
x_auth_mode="client_auth",
x_auth_password="------",
x_auth_username="---------@sina.cn"
4. The returned result looks like this:
oauth_token=160e537d530fd105669fd79a4f1dc286&oauth_token_secret=a9c46c081842bd08f55e8f0265d8fea3&user_id=160984721
Split the returned result on "&". The value of oauth_token is the access token.
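Steps 1 to 4 in Python, as an added example that is not code from the original article or from the Sina open platform. The endpoint URL, consumer secret and credentials are placeholders, and the signing key layout (consumer secret, "&", empty token secret) is taken from the OAuth 1.0 specification, not from this page.

```python
import base64
import hashlib
import hmac
from urllib.parse import parse_qsl, quote


def pct(value):
    """Percent-encode per OAuth 1.0: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")


def base_string(method, url, params):
    """METHOD & encoded URL & encoded, sorted 'k=v&k=v' parameter string."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])


def sign(base, consumer_secret, token_secret=""):
    """HMAC-SHA1 over the base string, base64-encoded. The token secret is
    empty for xAuth because no request token has been issued."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    digest = hmac.new(key, base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def parse_token_response(body):
    """Split the 'a=b&c=d' response body into a dict (step 4)."""
    return dict(parse_qsl(body, strict_parsing=True))


# Constructed sample values. URL and password are placeholders; nonce and
# timestamp are fixed for reproducibility and must be fresh per real request.
# The base string carries the password in clear text, so never log it.
URL = "https://api.example.com/oauth/access_token"
PARAMS = {
    "oauth_consumer_key": "1852823608",
    "oauth_signature_method": "HMAC-SHA1",
    "oauth_timestamp": "1291944694",
    "oauth_nonce": "-794036333",
    "oauth_version": "1.0",
    "source": "1852823608",
    "x_auth_mode": "client_auth",
    "x_auth_password": "example-password",
    "x_auth_username": "user@sina.cn",
}

if __name__ == "__main__":
    print(sign(base_string("POST", URL, PARAMS), "example-consumer-secret"))
```

The "@" in the username is encoded twice on its way into the base string, which is where the %2540 in the article's base string comes from.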
From this point on, the access token is used for every data request.
This article is based on the xAuth documentation of the Sina open platform.