server | client

OAuth Test Server

Instructions for Use

This is a test server with a predefined static set of keys and tokens, you can make your requests using them to test your code (and mine ;)).

Your Consumer Key / Secret

consumer key: key
consumer secret: secret

Use this key and secret for all your requests.

Getting a Request Token

request token endpoint: http://api.mh-freya-game.com/oauth/example/request_token.php

A successful request will return the following with new parameters returned in OAuth 2008.1:

oauth_token=requestkey&oauth_token_secret=requestsecret&oauth_expires_in=3600

An unsuccessful request will attempt to describe what went wrong using oauth_problem codes.

Example

http://api.mh-freya-game.com/oauth/example/request_token.php?oauth_version=1.0&oauth_nonce=03bfcc1b14fecb468818feb962a4057a&oauth_timestamp=1761683413&oauth_consumer_key=key&oauth_signature_method=RSA-SHA1&oauth_signature=DgtJdlCp9meEc0dUONrNMXeQaO3HbrUkpW%2Fr4QB0bQqWnjJ4MC8TKL6NDQzduiqOohiSlqYOzHoSYWMIq3AqHaao7OoYbYvCcNnEucilyuTuXYHh5%2FDM7mHGEl5ubI1PzCoee76w67w1Ybm%2BAAgdJj%2B7peEvly70g%2BsPAlxQfrI%3D

New in OAuth 2008.1

oauth_expires_in: a parameter defining when (in seconds) the use of this token will expire. If any calls are made using this token after expiration, one of the various oauth_problem values.
oauth_problem: a parameter sent when an oauth request failed. The value will be a code representing the reason for failure. Refer to the the list of oauth problem codes.

Getting an Access Token

The Request Token provided above is already authorized, you may use it to request an Access Token right away.

access token endpoint: http://api.mh-freya-game.com/oauth/example/access_token.php

A successful request will return the following with new parameters returned in OAuth 2008.1:

oauth_token=accesskey&oauth_token_secret=accesssecret&oauth_session_handle=sessionhandle&oauth_expires_in=3600&oauth_authorization_expires_in=3600

An unsuccessful request will attempt to describe what went wrong.

Example

http://api.mh-freya-game.com/oauth/example/access_token.php?oauth_version=1.0&oauth_nonce=81e76bac9a5290fb1db6d2e9caf30019&oauth_timestamp=1761683413&oauth_consumer_key=key&oauth_token=requestkey&oauth_signature_method=RSA-SHA1&oauth_signature=b0jBYo9VS5nvbfOJp1cVWE0kFi35R37%2BcsRgF637H5qwsuyGYGW7NJqJBAFwnSHadF2Bzqa8byIp%2BJ25Sc2W6gd7C4eE%2FtzvqTaOiw0GXUR67lxbwAWmJ0jk3dlEGsygx%2FqCXLsJWGDE8QxYdW6mz1wjMRWGOJx%2F2b9qVwzI%2FY4%3D

New in OAuth 2008.1

oauth_session_handle: The session handle is used to identify a session after an access token expires. A session handle is saved by the client and is only passed to the oauth server during an access token renewal request.
oauth_authorization_expires_in: Similar to oauth_expires_in, defines how many seconds until the session handle will expire.

New in OAuth 2008.1: Renewing an Access Token

A feature new in OAuth 2008.1 is access token renewal. When access tokens expire, you must acquire a new token using the renewal api.

access token renewal endpoint: http://api.mh-freya-game.com/oauth/example/access_token_renewal.php

A successful request will return the following:

oauth_token=accesskey&oauth_token_secret=accesssecret&oauth_session_handle=sessionhandle&oauth_expires_in=3600&oauth_authorization_expires_in=3600

An unsuccessful request will attempt to describe what went wrong.

Example

http://api.mh-freya-game.com/oauth/example/renew_access_token.php?oauth_version=1.0&oauth_nonce=55be637c9c0714187799b571158dcb32&oauth_timestamp=1761683413&oauth_consumer_key=key&oauth_token=accesskey&oauth_session_handle=sessionhandle&oauth_signature_method=RSA-SHA1&oauth_signature=l5KhfyQdrMcgm42GzjrEDz6jrPk1SK5aWpOJobzoc1MKKBDg53s8eSns2LGeVl%2BLqZgj4OJlBP20l%2FPacNWPpuP2ClN%2BtNzYAP9ihlJzvOIqV3A87ZAfCGm18wgRUDrRlYnWtvZMJ8DHSLnv9WOsTxmtXDCT1ZrE8YRfKRusF3s%3D

Making Authenticated Calls

Using your Access Token you can make authenticated calls.

api endpoint: http://api.mh-freya-game.com/oauth/example/echo_api.php

A successful request will echo the non-OAuth parameters sent to it, for example:

method=foo&bar=baz

An unsuccessful request will attempt to describe what went wrong.

Example

http://api.mh-freya-game.com/oauth/example/echo_api.php?oauth_version=1.0&oauth_nonce=60eab2577e44962c35af987bbee05b9e&oauth_timestamp=1761683413&oauth_consumer_key=key&method=foo%2520bar&bar=baz&oauth_token=accesskey&oauth_signature_method=RSA-SHA1&oauth_signature=H6Jo8zM58WW0wp1ZSxYc6pQzWA35yUvv2Asn4SLbA9RurW3fboYFHodK80%2BVIbdJ96a8RrH2fNWk3epKtLowV0b%2BVfahV6mlx4UOralKJn0nnZlq38eqiOpp%2FN7NVrpKYe7IMegAYZn65DhRek4LkZLV7TVd4x2KVtrXFa6FoXs%3D

Currently Supported Signature Methods

Current signing method is: RSA-SHA1

HMAC-SHA1(switch)
PLAINTEXT(switch)
RSA-SHA1

-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8V
A7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d
7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJ
hI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8H
X9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mm
uScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmw
rn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0Z
zO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+Nccn
qkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNG
WPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUno
cn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+
3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8
AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54
Lw03eHTNQghS0A==
-----END PRIVATE KEY-----

-----BEGIN CERTIFICATE-----
MIIBpjCCAQ+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAZMRcwFQYDVQQDDA5UZXN0
IFByaW5jaXBhbDAeFw03MDAxMDEwODAwMDBaFw0zODEyMzEwODAwMDBaMBkxFzAV
BgNVBAMMDlRlc3QgUHJpbmNpcGFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQC0YjCwIfYoprq/FQO6lb3asXrxLlJFuCvtinTF5p0GxvQGu5O3gYytUvtC2JlY
zypSRjVxwxrsuRcP3e641SdASwfrmzyvIgP08N4S0IFzEURkV1wp/IpH7kH41Etb
mUmrXSwfNZsnQRE5SYSOhh+LcK2wyQkdgcMv11l4KoBkcwIDAQABMA0GCSqGSIb3
DQEBBQUAA4GBAGZLPEuJ5SiJ2ryq+CmEGOXfvlTtEL2nuGtr9PewxkgnOjZpUy+d
4TvuXJbNQc8f4AMWL/tO9w0Fk80rWKp9ea8/df4qMq5qlFWlx6yOLQxumNOmECKb
WpkUQDIDJEoFUzKMVuJf4KO/FJ345+BNLGgbJ6WujreoM1X/gYfdnJ/J
-----END CERTIFICATE-----

Further Resources

There is also a test client implementation in here.

The code running this example can be downloaded from the PHP section of the OAuth google code project: http://code.google.com/p/oauth/