OAuth Test Server

Instructions for Use

This is a test server with a predefined static set of keys and tokens, you can make your requests using them to test your code (and mine ;)).

Your Consumer Key / Secret

• consumer key: key
• consumer secret: secret

Use this key and secret for all your requests.

Getting a Request Token

• request token endpoint: http://166.117.235.156/oauth/example/request_token.php

A successful request will return the following with new parameters returned in OAuth 2008.1:

oauth_token=requestkey&oauth_token_secret=requestsecret&oauth_expires_in=3600

An unsuccessful request will attempt to describe what went wrong using oauth_problem codes.

Example

New in OAuth 2008.1

• oauth_expires_in: a parameter defining when (in seconds) the use of this token will expire. If any calls are made using this token after expiration, one of the various oauth_problem values.
• oauth_problem: a parameter sent when an oauth request failed. The value will be a code representing the reason for failure. Refer to the the list of oauth problem codes.

Getting an Access Token

The Request Token provided above is already authorized, you may use it to request an Access Token right away.

• access token endpoint: http://166.117.235.156/oauth/example/access_token.php

A successful request will return the following with new parameters returned in OAuth 2008.1:

oauth_token=accesskey&oauth_token_secret=accesssecret&oauth_session_handle=sessionhandle&oauth_expires_in=3600&oauth_authorization_expires_in=3600

An unsuccessful request will attempt to describe what went wrong.

Example

New in OAuth 2008.1

• oauth_session_handle: The session handle is used to identify a session after an access token expires. A session handle is saved by the client and is only passed to the oauth server during an access token renewal request.
• oauth_authorization_expires_in: Similar to oauth_expires_in, defines how many seconds until the session handle will expire.

New in OAuth 2008.1: Renewing an Access Token

A feature new in OAuth 2008.1 is access token renewal. When access tokens expire, you must acquire a new token using the renewal api.

• access token renewal endpoint: http://166.117.235.156/oauth/example/access_token_renewal.php

A successful request will return the following:

oauth_token=accesskey&oauth_token_secret=accesssecret&oauth_session_handle=sessionhandle&oauth_expires_in=3600&oauth_authorization_expires_in=3600

An unsuccessful request will attempt to describe what went wrong.

Example

Making Authenticated Calls

Using your Access Token you can make authenticated calls.

• api endpoint: http://166.117.235.156/oauth/example/echo_api.php

A successful request will echo the non-OAuth parameters sent to it, for example:

method=foo&bar=baz

An unsuccessful request will attempt to describe what went wrong.

Example

Currently Supported Signature Methods

Current signing method is: HMAC-SHA1

• HMAC-SHA1
• PLAINTEXT(switch)
• RSA-SHA1(switch)

Further Resources

There is also a test client implementation in here.

The code running this example can be downloaded from the PHP section of the OAuth google code project: http://code.google.com/p/oauth/