Last updated March 6, 2014. Created by skyredwang on October 15, 2010.
Edited by ishmael-sanchez, petermonica, figaro. Log in to edit this page.

After the installation of the OAuth module and the modules that OAuth depends on is finished, go to /admin/settings/oauth/list.

1) Create an OAuth context, by clicking the "add context" link.

Below are some properties copied from oauthloginprovider module as an example:

$context = new stdClass;
$context->disabled = FALSE; /* Edit this to true to make a default context disabled initially */
$context->name = 'oauthlogin';
$context->title = 'OAuth login';
$context->authorization_options = array(
  'access_token_lifetime' => '120',
  'page_title' => 'Login to @appname',
  'message' => 'Hi @user! Click on the "login" button to log in to @appname. This will log you in to @appname and give it access to details like your username and email, but not to your password.',
  'warning' => 'Click here if you didn\'t ask to be logged in to @appname.',
  'deny_access_title' => 'Cancel',
  'grant_access_title' => 'Login',
  'disable_auth_level_selection' => 1,
  'signature_methods' => array(
    0 => 'HMAC-SHA1',
    1 => 'HMAC-SHA256',
    2 => 'HMAC-SHA384',
    3 => 'HMAC-SHA512',
  ),
  'default_authorization_levels' => array(
    0 => 'user_info',
  ),
);
$context->authorization_levels = array(
  'user_info' => array(
    'title' => 'Yes, I want to log in to @appname as @user',
    'description' => 'This will log you in to @appname and give it access to details like your username and email, but not to your password.',
  ),
);

Please copy and paste the values into your OAuth Context configuration

2) Create a consumer key by going to your user profile page, and click Application, then add application (/user/*/applications).
Give your application a name, a callback URL (http://yoursite.com/oauth/request_token), and choose the context that we created early in section 1.

Note: Anything other than http://yoursite.com/oauth/request_token gives a Page Not Found error. It might be a bug.

After creating an application, click Edit to view the detailed information. We will need Consumer key and Consumer secret.

3) Find a OAuth Client, for example: http://somesite.com/oauth/example/client.php

a) Get a Request Token:
Put your request token url, it is http://yoursite.com/oauth/request_token
Enter a Consumer key and Consumer secret.
You will see something like oauth_token=c5zqDpWuU5Lt2k3exXPYjHeLiRQHQWyQ&oauth_token_secret=yjUmFEHtERQRFFAjAQ8n4LGbBuV6kbH8,if not, something else is wrong, and you should go back to fix the problem first.

a) We need the oauth_token and oauth_token_secret for this second step ---- Authorizing
Put your authorizing url, it's http://yoursite.com/oauth/authorize
Put oauth_token and oauth_token

b) To be continued....

Looking for support? Visit the Drupal.org forums, or join #drupal-support in IRC.

Comments

Hi,
Thanks for taking the time to get this documented. Can you please explain it further ?
I'm trying to use services with oauth so i need an access_token.

Thanks

a screencast of this starting with a fresh Drupal install would be a massive help. Two days of head scratching trying to link up partial, possibly outdated chunks of information, and I'm making little progress... I will be (very) happy to volunteer a draft "beginners guide" if I can get started with all of this...

I've followed every step and always end up with:

Error
The website encountered an unexpected error. Please try again later.

when attempting step 3.

I had to apply a few patches to resolve my issues in d6, but once i did i was easily able to authorize myself and link my oauth provider to my web service.

After much google'ing and piecing things together, I'm still having a difficult time figuring this out. It appears a tutorial for this is much needed.

Where is the last step?

b) To be continued....

How do I access the resources at /oauthlogin/api/user/info once the oauth handshake is complete? No one seems to know!

Provider Setup

URL
http://192.168.2.100/njsapi/provider/

Modules
OAuth 6.x-3.0-beta4
OAuth Login Provider 6.x-1.1
OAuth Provider UI 6.x-3.0-beta4
Services 6.x-3.1

Permissions:
oauth authorize any consumers anon and auth
oauth authorize consumers in oauthlogin anon and auth
oauth register any consumers anon and auth
oauth register consumers in oauthlogin anon and auth

User called test with consumer settings:

Consumer name: test_consumer
Callback url: http://192.168.2.100/njsapi/client/oauth/authorized/1
(this url was provided on the client side when I added a connector)
Application context: OAuth login
Key: xxxxxxxx
Secret: xxxxxxxx

Client Setup

URL
http://192.168.2.100/njsapi/client/

OAuth 6.x-3.0-beta4
OAuth Connector 6.x-1.x-dev
Connector 6.x-1.x-dev
Http Client 6.x-2.3
Http Client OAuth 6.x-2.3 (is packaged with Http Client)

Permissions:
oauth authorize any consumers anon and auth
oauth register any consumers anon and auth

Connector config

$provider = new stdClass;
$provider->disabled = FALSE; /* Edit this to true to make a default provider disabled initially */
$provider->name = 'test';
$provider->title = 'test';
$provider->url = 'http://192.168.2.100/njsapi/provider/';
$provider->consumer_advanced = array(
  'signature method' => 'HMAC-SHA1',
  'authentication realm' => '',
  'request token endpoint' => '/oauth/request_token',
  'authorization endpoint' => '/oauth/authorize',
  'access token endpoint' => '/oauth/access_token',
);
$provider->mapping = array(
  'fields' => array(
    'uid' => array(
      'resource' => 'http://192.168.2.100/njsapi/provider/oauthlogin/api/user/info',
      'method post' => 1,
      'field' => 'uid',
      'querypath' => FALSE,
    ),
    'real name' => array(
      'resource' => 'http://192.168.2.100/njsapi/provider/oauthlogin/api/user/info',
      'method post' => 1,
      'field' => 'name',
      'querypath' => FALSE,
    ),
    'avatar' => array(
      'resource' => '',
      'method post' => 0,
      'field' => '',
      'querypath' => FALSE,
    ),
  ),
  'format' => 'php',
);

Connector block enabled

NOTE - the trailing slash on $provider->url - I was experiencing the same issues as above until I added that slash

I can go to client and click on "connect with test" and if I am logged in to an account on the provider side already i get redirected back to the client and logged in with a username of the form oauthconnector_test__1

If I am not logged in on the provider side I get to the provider login form - after I login I get a 404 as I get redirected incorrectly to http://192.168.2.100/njsapi/provider//njsapi/provider/oauth/authorize?oa... (if I fix the url to be http://192.168.2.100/njsapi/provider/oauth/authorize?oauth_token=xxxxxxxxxx) I get redirected to the client correctly and authenticated.

So everything seems to work fine with this setup apart from the login url destination query parameter.

Edit: On provider edit oauthlogin service and enable application/x-www-form-urlencoded under Request Parsing in the Server settings tab.

@fridge.search('beer');