I created an OAuth server, and I want you to test it (on security, application flow, etc.). Please send all your notes, so I can learn from it. I would be very happy with it!

My test for you is: Try to find the 'hidden' user ID (you can find it using OAuth successfully).

Description:

1. Get a request token on https://api.ovoweb.net/oauth/request_token and send your callback URL (as oauth_callback) and all other OAuth stuff (oauth_timestamp, oauth_nonce, oauth_signature, oauth_signature_method = 'HMAC-SHA1', oauth_consumer_key). You can use this consumer key: 0d9360c62fd4044afe3283c3c00a05ed1b816ddc and this consumer secret: 4ce070e5fdd332d99cddd8b8207eacafeb0c6fdc.

2. Send user to authentication via https://api.ovoweb.net/oauth/authorize?oauth_token=<your request token>. You will get back a verifier via $_GET.

3. Retrieve the access token on https://api.ovoweb.net/oauth/access_token. Must be an OAuth request!

4. Now you can access the protected resource by doing an OAuth request to: https://api.ovoweb.net/me/info

Is it clear? Is everything OK?

Regards and many many thanks, Kevin