Announcement Announcement Module
Collapse
No announcement yet.
Can you test my OAuth server? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • Can you test my OAuth server?

    I created an OAuth server, and I want you to test it (on security, application flow, etc.). Please send all your notes, so I can learn from it. I would be very happy with it !

    My test for you is: Try to find the 'hidden' user ID (you can find it using OAuth succesfully).

    Description: 1. Get a request token on https://api.ovoweb.net/oauth/request_token and send your callback URL (as oauth_callback) and all other OAuth stuff (oauth_timestamp, oauth_nonce, oauth_signature, oauth_signature_method = 'HMAC-SHA1,oauth_consumer_key`). You can use this consumer key: 0d9360c62fd4044afe3283c3c00a05ed1b816ddc and this consumer secret: 4ce070e5fdd332d99cddd8b8207eacafeb0c6fdc.

    Send user to authentication via https://api.ovoweb.net/oauth/authorize?oauth_token=<your request token>. You will get back a verifier via $_GET.

    Retrieve the access token on https://api.ovoweb.net/oauth/access_token. Must be an OAuth request!

    Now you can access the protected resource by doing an OAuth request to: https://api.ovoweb.net/me/info

    Is it clear? Is everything OK?

    Regards and many many thanks, Kevin
Working...
X