Hi, I'm going to implement the second OAuth endpoint called: Resource Owner Authorization. I will explain briefly this endpoint to make my question more clear.
Client (third-party app) make request to mentioned endpoint in order to obtain approval for accessing user (resource owner) resources. example request uri: https://www.server-with-cool-pictures.com/authorize?oauth_token=hh5s93j4hdidpola As the response authorization server: 1. requests user (resource owner) to sign in using his username and password, 2. if successful ask user to approve granting client (third-party app) access to protected resources. 3. redirect resource owner to client's callback url with unique verification code (or display it in case callback url is not provided) I am not sure how should this endpoint implementation looks like. It requires UI to authenticate user and confirm third-party app access, so some generic solution is needed. When client make request on Resource Owner Authorization URI with oauth_token I can validate that request and redirect to UI login page. I don't know how after user actions (login and client confirmation), go back to my service and redirect to the client (third-party app) callback url with generated validation code. Any help on that? Cheers, Lukasz Moren
