Jul 20th, 2011, 02:25 PM
Can you test my OAuth server?
I created an OAuth server, and I want you to test it (on security, application flow, etc.). Please send all your notes, so I can learn from it. I would be very happy with it !
My test for you is: Try to find the 'hidden' user ID (you can find it using OAuth succesfully).
Description: 1. Get a request token on https://api.ovoweb.net/oauth/request_token and send your callback URL (as oauth_callback) and all other OAuth stuff (oauth_timestamp, oauth_nonce, oauth_signature, oauth_signature_method = 'HMAC-SHA1,oauth_consumer_key`). You can use this consumer key: 0d9360c62fd4044afe3283c3c00a05ed1b816ddc and this consumer secret: 4ce070e5fdd332d99cddd8b8207eacafeb0c6fdc.
Send user to authentication via https://api.ovoweb.net/oauth/authorize?oauth_token=<your request token>. You will get back a verifier via $_GET.
Retrieve the access token on https://api.ovoweb.net/oauth/access_token. Must be an OAuth request!
Now you can access the protected resource by doing an OAuth request to: https://api.ovoweb.net/me/info
Is it clear? Is everything OK?
Regards and many many thanks, Kevin
Tags for this Thread