I have been using OAuth for a while but have never been completely sure of the difference between these four terms (and the functionality of each). I frequently see (for instance in the Twitter Public API)
Consumer key:
Consumer secret:
Access token:
and
Access token secret:
fields, but I have never known exactly what they do. I know that OAuth has the ability to authorize apps (let them act on a user's behalf) but I do not understand the relationship between these four authorization terms and would love an explanation.
Basically, I am not sure how the access token or token secret are generated, where they are stored, and what relation they have to each other or to the consumer key and secret.
Thank you
Consumer key is essentially the API key associated with the application (Twitter, Facebook, etc.). This key (or 'client ID', as Facebook calls it) is what identifies the client. By the way, a client is a website/service that is trying to access an end-user's resources.
Consumer secret is the client password that is used to authenticate with the authentication server, which is a Twitter/Facebook/etc. server that authenticates the client.
Access token is what is issued to the client once the client successfully authenticates itself (using the consumer key & secret). This access token defines the privileges of the client (what data the client can and cannot access). Now every time the client wants to access the end-user's data, the access token secret is sent with the access token as a password (similar to the consumer secret).
Hope that clears it up. I would recommend skimming through the beginning of the OAuth 2.0 spec. It's really informative.
There are two types of authentication. The first one is called authentication, which uses the consumer key and consumer secret to identify this client and be sure that it is a valid account. The second one is called authorization; it allows the resource server to identify which kind of actions you have permission to do with data, or what we call a resource. This operation uses the access token and access token secret.
For further details, take a look at these useful slides from Google:
https://docs.google.com/presentation/d/1KqevSqe6ygWVj4U-wlarKU7-SVR79x-vjpR4gEc4A9Q/edit?pli=1#slide=id.g1697c74a_1_14
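An added example, not part of the question or either answer: under OAuth 1.0a with HMAC-SHA1 (RFC 5849, the scheme behind the four Twitter fields in the question), the consumer key and access token are sent in the request, while the consumer secret and access token secret are joined into the HMAC key that signs it. The credentials, endpoint URL, nonce and timestamp below are constructed sample values, and the function names are hypothetical.

```python
import base64, hashlib, hmac
from urllib.parse import quote

# Constructed sample credentials and endpoint (not real values).
CONSUMER_KEY, CONSUMER_SECRET = "ck_constructed", "cs_constructed_secret"
ACCESS_TOKEN, TOKEN_SECRET = "at_constructed", "ats_constructed_secret"
URL = "https://api.example.com/1/statuses/home_timeline.json"

def pct(value):
    # RFC 5849 section 3.6: only unreserved characters stay unencoded.
    return quote(str(value), safe="-._~")

def sign(method, url, params, consumer_secret, token_secret):
    # Base string: METHOD & encoded URL & encoded, sorted parameter string.
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    param_string = "&".join(f"{k}={v}" for k, v in pairs)
    base = "&".join([method.upper(), pct(url), pct(param_string)])
    # Both secrets form the HMAC key; neither is placed in the request.
    key = f"{pct(consumer_secret)}&{pct(token_secret)}"
    digest = hmac.new(key.encode(), base.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def oauth_params(query, nonce, timestamp):
    # Client side: the two public identifiers travel with the signature.
    oauth = {
        "oauth_consumer_key": CONSUMER_KEY,
        "oauth_token": ACCESS_TOKEN,
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_nonce": nonce,          # random per request in real use
        "oauth_timestamp": timestamp,  # current Unix time in real use
        "oauth_version": "1.0",
    }
    oauth["oauth_signature"] = sign("GET", URL, {**query, **oauth},
                                    CONSUMER_SECRET, TOKEN_SECRET)
    return oauth

def header(oauth):
    # Authorization header value carrying keys, token and signature only.
    return "OAuth " + ", ".join(f'{pct(k)}="{pct(v)}"' for k, v in sorted(oauth.items()))

def server_verify(query, oauth, consumer_secret, token_secret):
    # Server side: look up both secrets by key/token, recompute, compare.
    received = dict(oauth)
    presented = received.pop("oauth_signature")
    expected = sign("GET", URL, {**query, **received}, consumer_secret, token_secret)
    return hmac.compare_digest(expected, presented)

if __name__ == "__main__":
    signed = oauth_params({"count": "5"}, "constructed-nonce", "1700000000")
    print(header(signed))
    print(server_verify({"count": "5"}, signed, CONSUMER_SECRET, TOKEN_SECRET))
```

The printed header contains neither secret, and verification fails if either secret or any signed parameter differs from what the client used.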