server | client

OAuth Test Server

Instructions for Use

This is a test server with a predefined static set of keys and tokens, you can make your requests using them to test your code (and mine ;)).

Your Consumer Key / Secret

Use this key and secret for all your requests.

Getting a Request Token

A successful request will return the following with new parameters returned in OAuth 2008.1:

oauth_token=requestkey&oauth_token_secret=requestsecret&oauth_expires_in=3600

An unsuccessful request will attempt to describe what went wrong using oauth_problem codes.

Example

http://api.mh-freya-game.com/oauth/example/request_token.php?oauth_version=1.0&oauth_nonce=0961e70e7ec4d3b77239f88174e0babf&oauth_timestamp=1752311255&oauth_consumer_key=key&oauth_signature_method=HMAC-SHA1&oauth_signature=DMaoxIbbrH4k3S9pjTyBeaCSCY8%3D

New in OAuth 2008.1

Getting an Access Token

The Request Token provided above is already authorized, you may use it to request an Access Token right away.

A successful request will return the following with new parameters returned in OAuth 2008.1:

oauth_token=accesskey&oauth_token_secret=accesssecret&oauth_session_handle=sessionhandle&oauth_expires_in=3600&oauth_authorization_expires_in=3600

An unsuccessful request will attempt to describe what went wrong.

Example

http://api.mh-freya-game.com/oauth/example/access_token.php?oauth_version=1.0&oauth_nonce=fc8b1c26fcea1c415a873fb6648cf471&oauth_timestamp=1752311255&oauth_consumer_key=key&oauth_token=requestkey&oauth_signature_method=HMAC-SHA1&oauth_signature=TKFVyb6wvbN0Hd%2BKV4rYqucM1nM%3D

New in OAuth 2008.1

New in OAuth 2008.1: Renewing an Access Token

A feature new in OAuth 2008.1 is access token renewal. When access tokens expire, you must acquire a new token using the renewal api.

A successful request will return the following:

oauth_token=accesskey&oauth_token_secret=accesssecret&oauth_session_handle=sessionhandle&oauth_expires_in=3600&oauth_authorization_expires_in=3600

An unsuccessful request will attempt to describe what went wrong.

Example

http://api.mh-freya-game.com/oauth/example/renew_access_token.php?oauth_version=1.0&oauth_nonce=efecc7824babe7c497219b0c9981b634&oauth_timestamp=1752311255&oauth_consumer_key=key&oauth_token=accesskey&oauth_session_handle=sessionhandle&oauth_signature_method=HMAC-SHA1&oauth_signature=IhPRKMF55KB8sg6fSomDFQ%2B2aK4%3D

Making Authenticated Calls

Using your Access Token you can make authenticated calls.

A successful request will echo the non-OAuth parameters sent to it, for example:

method=foo&bar=baz

An unsuccessful request will attempt to describe what went wrong.

Example

http://api.mh-freya-game.com/oauth/example/echo_api.php?oauth_version=1.0&oauth_nonce=c32b7a74dd8b640c23ae80c54b3657d2&oauth_timestamp=1752311255&oauth_consumer_key=key&method=foo%2520bar&bar=baz&oauth_token=accesskey&oauth_signature_method=HMAC-SHA1&oauth_signature=4ThpSs2yVfSmOx6X9LpASaUDLc0%3D

Currently Supported Signature Methods

Current signing method is: HMAC-SHA1

Further Resources

There is also a test client implementation in here.

The code running this example can be downloaded from the PHP section of the OAuth google code project: http://code.google.com/p/oauth/