server | client

OAuth Test Server

Instructions for Use

This is a test server with a predefined static set of keys and tokens, you can make your requests using them to test your code (and mine ;)).

Your Consumer Key / Secret

Use this key and secret for all your requests.

Getting a Request Token

A successful request will return the following with new parameters returned in OAuth 2008.1:

oauth_token=requestkey&oauth_token_secret=requestsecret&oauth_expires_in=3600

An unsuccessful request will attempt to describe what went wrong using oauth_problem codes.

Example

http://api.mh-freya-game.com/oauth/example/request_token.php?oauth_version=1.0&oauth_nonce=7a10192efb0f448614ff170b04a4530a&oauth_timestamp=1742046491&oauth_consumer_key=key&oauth_signature_method=RSA-SHA1&oauth_signature=ID3LxI%2FjIuuhxjT2pKNRAKFUTvoH2a9Tv%2BzWPW2kqKVDLeLskaFSvJ2ICRzmzO8pQ6KiTw0PrRVfugCy3cerwbjhoV%2F6uPcxSauH3WJ%2F%2BjBPnO%2Fl%2FF5Fz9r5DJbtWr%2FOxvRGz0ahyPBKJbWFKrWvE3AKjnmQihGHJKp0zK3qInY%3D

New in OAuth 2008.1

Getting an Access Token

The Request Token provided above is already authorized, you may use it to request an Access Token right away.

A successful request will return the following with new parameters returned in OAuth 2008.1:

oauth_token=accesskey&oauth_token_secret=accesssecret&oauth_session_handle=sessionhandle&oauth_expires_in=3600&oauth_authorization_expires_in=3600

An unsuccessful request will attempt to describe what went wrong.

Example

http://api.mh-freya-game.com/oauth/example/access_token.php?oauth_version=1.0&oauth_nonce=4339a8b60f38e5811e1d208dc9067b07&oauth_timestamp=1742046491&oauth_consumer_key=key&oauth_token=requestkey&oauth_signature_method=RSA-SHA1&oauth_signature=RwU8nkmOJo0tZGUDcYvz3hbVQaeqA1wpKY7%2Be4d25L%2FKyIW6Wou3JrZxirR47rzeIjyhaCxUTE%2BkuXvwSn9SBZCyyZU2Rz8KfaT56sL5oHRnmMJb7EF%2B3BPtKCwPcuQ17RgfuxyWDEGRn3c9Mbj3AZDE6MQRn3WscKhsQBnmGKw%3D

New in OAuth 2008.1

New in OAuth 2008.1: Renewing an Access Token

A feature new in OAuth 2008.1 is access token renewal. When access tokens expire, you must acquire a new token using the renewal api.

A successful request will return the following:

oauth_token=accesskey&oauth_token_secret=accesssecret&oauth_session_handle=sessionhandle&oauth_expires_in=3600&oauth_authorization_expires_in=3600

An unsuccessful request will attempt to describe what went wrong.

Example

http://api.mh-freya-game.com/oauth/example/renew_access_token.php?oauth_version=1.0&oauth_nonce=a7b5b112e6bf5a46fc624745328b53db&oauth_timestamp=1742046491&oauth_consumer_key=key&oauth_token=accesskey&oauth_session_handle=sessionhandle&oauth_signature_method=RSA-SHA1&oauth_signature=bvsQ3puJx984LdFxpJ9KF6cGywlsU9%2FKx6w%2B2YJ5OyouWMsugjVktwSynAt5AJZwq8ePlICsXDCTnNeAgk4NQoSfL2OHF11AcPAtyKZyTMSfXd2r%2FERF417KMO5SsW4FHeocQ3OSDMzFcI%2FriwYG0cxiTcZsL5CEeTUq8V%2BUaEs%3D

Making Authenticated Calls

Using your Access Token you can make authenticated calls.

A successful request will echo the non-OAuth parameters sent to it, for example:

method=foo&bar=baz

An unsuccessful request will attempt to describe what went wrong.

Example

http://api.mh-freya-game.com/oauth/example/echo_api.php?oauth_version=1.0&oauth_nonce=c61f167d8ddbd456e64e9091a6066771&oauth_timestamp=1742046491&oauth_consumer_key=key&method=foo%2520bar&bar=baz&oauth_token=accesskey&oauth_signature_method=RSA-SHA1&oauth_signature=TrG73dYOww6wYkfOGdAlMdlO1jmq5Eoy%2BSQSMAmIzsp4ucYu5mItsTw3NiBWjUGNtzw7dP4otwYqWJ4y6o4dNzP2%2FClmCXz91EqLJKg5S1RgNU4MtMDyVEr0SGZK0yMf9WJcEOk1OjwakRoR1U3tbWM308AaY8WhLrvNqFGzSRE%3D

Currently Supported Signature Methods

Current signing method is: RSA-SHA1

-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8V
A7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d
7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJ
hI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8H
X9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mm
uScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmw
rn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0Z
zO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+Nccn
qkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNG
WPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUno
cn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+
3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8
AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54
Lw03eHTNQghS0A==
-----END PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIBpjCCAQ+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAZMRcwFQYDVQQDDA5UZXN0
IFByaW5jaXBhbDAeFw03MDAxMDEwODAwMDBaFw0zODEyMzEwODAwMDBaMBkxFzAV
BgNVBAMMDlRlc3QgUHJpbmNpcGFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB
gQC0YjCwIfYoprq/FQO6lb3asXrxLlJFuCvtinTF5p0GxvQGu5O3gYytUvtC2JlY
zypSRjVxwxrsuRcP3e641SdASwfrmzyvIgP08N4S0IFzEURkV1wp/IpH7kH41Etb
mUmrXSwfNZsnQRE5SYSOhh+LcK2wyQkdgcMv11l4KoBkcwIDAQABMA0GCSqGSIb3
DQEBBQUAA4GBAGZLPEuJ5SiJ2ryq+CmEGOXfvlTtEL2nuGtr9PewxkgnOjZpUy+d
4TvuXJbNQc8f4AMWL/tO9w0Fk80rWKp9ea8/df4qMq5qlFWlx6yOLQxumNOmECKb
WpkUQDIDJEoFUzKMVuJf4KO/FJ345+BNLGgbJ6WujreoM1X/gYfdnJ/J
-----END CERTIFICATE-----

Further Resources

There is also a test client implementation in here.

The code running this example can be downloaded from the PHP section of the OAuth google code project: http://code.google.com/p/oauth/