This wiki is no longer active and is left here for historical purposes. Please visit oauth.net for up-to-date information.
View
 

TestCases

This version was saved 9 years, 5 months ago View current version     Page history
Saved by PBworks
on August 22, 2008 at 8:28:59 am
 

Here are test cases for OAuth algorithms.

 

To discuss this page, please use the Test Cases thread in the Google Group OAuth.

 

Parameter Encoding (section 5.1)

 

In this table, U+xxxx means the character whose Unicode code point is xxxx (in hexadecimal notation).

 

parameter name or valueencoded
abcABC123abcABC123
-._~-._~
%%25
+%2B
&=*%26%3D%2A
U+000A (LF)%0A
U+0020 (space)%20
U+007F%7F
U+0080%C2%80
U+3001%E3%80%81

 

Authorization Header (section 5.4.1)

 

Normalize Request Parameters (section 9.1.1)

 

In this table, parameters are shown as a document of MIME type application/x-www-form-urlencoded that conforms to HTML 4.01 section 17.13.4.1. Note that '+' represents a space, in the parameters column (as in a URL query string).

 

parametersnormalized
namename=
a=ba=b
a=b&c=da=b&c=d
a=x!y&a=x+ya=x%20y&a=x%21y
x!y=a&x=ax=a&x%21y=a

 

Concatenate Request Elements (section 9.1.2)

 

In this table, parameters are shown as a document of MIME type application/x-www-form-urlencoded that conforms to HTML 4.01 section 17.13.4.1, with some white space inserted for legibility.

 

HTTP request methodHTTP URLparametersBase String
GEThttp://example.com/n=vGET&http%3A%2F%2Fexample.com%2F&n%3Dv
GEThttp://example.com 1n=vGET&http%3A%2F%2Fexample.com%2F&n%3Dv
POSThttps://photos.example.net/request_tokenoauth_version=1.0&oauth_consumer_key=dpf43f3p2l4k3l03 &oauth_timestamp=1191242090&oauth_nonce=hsu94j3884jdopsl &oauth_signature_method=PLAINTEXT&oauth_signature=ignoredPOST&https%3A%2F%2Fphotos.example.net%2Frequest_token&oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dhsu94j3884jdopsl%26oauth_signature_method%3DPLAINTEXT%26oauth_timestamp%3D1191242090%26oauth_version%3D1.0
GEThttp://photos.example.net/photosfile=vacation.jpg&size=original &oauth_version=1.0&oauth_consumer_key=dpf43f3p2l4k3l03 &oauth_token=nnch734d00sl2jdk &oauth_timestamp=1191242096&oauth_nonce=kllo9940pd9333jh &oauth_signature=ignored&oauth_signature_method=HMAC-SHA1GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3Doriginal

 

HMAC-SHA1 (section 9.2)

Consumer SecretToken SecretBase StringSignature
csbsegQqG5AJep5sJ7anhXju1unge2I=
cstsbsVZVjXceV7JgPq/dOTnNmEfO0Fv8=
kd94hf93k423kf44pfkkdhi9sl3r4s00GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacation.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3Dkllo9940pd9333jh%26oauth_signature_method%3DHMAC-SHA1%26oauth_timestamp%3D1191242096%26oauth_token%3Dnnch734d00sl2jdk%26oauth_version%3D1.0%26size%3DoriginaltR3+Ty81lMeYAr/Fid0kMTYa/WM=

 

RSA-SHA1 (section 9.3)

Consumer Key:dpf43f3p2l4k3l03
Private Key (PKCS#8 and Base64-encoded):
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBALRiMLAh9iimur8V

A7qVvdqxevEuUkW4K+2KdMXmnQbG9Aa7k7eBjK1S+0LYmVjPKlJGNXHDGuy5Fw/d

7rjVJ0BLB+ubPK8iA/Tw3hLQgXMRRGRXXCn8ikfuQfjUS1uZSatdLB81mydBETlJ

hI6GH4twrbDJCR2Bwy/XWXgqgGRzAgMBAAECgYBYWVtleUzavkbrPjy0T5FMou8H

X9u2AC2ry8vD/l7cqedtwMPp9k7TubgNFo+NGvKsl2ynyprOZR1xjQ7WgrgVB+mm

uScOM/5HVceFuGRDhYTCObE+y1kxRloNYXnx3ei1zbeYLPCHdhxRYW7T0qcynNmw

rn05/KO2RLjgQNalsQJBANeA3Q4Nugqy4QBUCEC09SqylT2K9FrrItqL2QKc9v0Z

zO2uwllCbg0dwpVuYPYXYvikNHHg+aCWF+VXsb9rpPsCQQDWR9TT4ORdzoj+Nccn

qkMsDmzt0EfNaAOwHOmVJ2RVBspPcxt5iN4HI7HNeG6U5YsFBb+/GZbgfBT3kpNG

WPTpAkBI+gFhjfJvRw38n3g/+UeAkwMI2TJQS4n8+hid0uus3/zOjDySH3XHCUno

cn1xOJAyZODBo47E+67R4jV1/gzbAkEAklJaspRPXP877NssM5nAZMU0/O/NGCZ+

3jPgDUno6WbJn5cqm8MqWhW1xGkImgRk+fkDBquiq4gPiT898jusgQJAd5Zrr6Q8

AO/0isr/3aa6O6NLQxISLKcPDk2NOccAfS/xOtfOz4sJYM3+Bs4Io9+dZGSDCA54

Lw03eHTNQghS0A==

Certificate:
-----BEGIN CERTIFICATE-----

MIIBpjCCAQ+gAwIBAgIBATANBgkqhkiG9w0BAQUFADAZMRcwFQYDVQQDDA5UZXN0

IFByaW5jaXBhbDAeFw03MDAxMDEwODAwMDBaFw0zODEyMzEwODAwMDBaMBkxFzAV

BgNVBAMMDlRlc3QgUHJpbmNpcGFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKB

gQC0YjCwIfYoprq/FQO6lb3asXrxLlJFuCvtinTF5p0GxvQGu5O3gYytUvtC2JlY

zypSRjVxwxrsuRcP3e641SdASwfrmzyvIgP08N4S0IFzEURkV1wp/IpH7kH41Etb

mUmrXSwfNZsnQRE5SYSOhh+LcK2wyQkdgcMv11l4KoBkcwIDAQABMA0GCSqGSIb3

DQEBBQUAA4GBAGZLPEuJ5SiJ2ryq+CmEGOXfvlTtEL2nuGtr9PewxkgnOjZpUy+d

4TvuXJbNQc8f4AMWL/tO9w0Fk80rWKp9ea8/df4qMq5qlFWlx6yOLQxumNOmECKb

WpkUQDIDJEoFUzKMVuJf4KO/FJ345+BNLGgbJ6WujreoM1X/gYfdnJ/J

-----END CERTIFICATE-----

HTTP URL:http://photos.example.net/photos
Parametersoauth_signature_method=RSA-SHA1, oauth_version=1.0, oauth_consumer_key=dpf43f3p2l4k3l03, oauth_timestamp=1196666512, oauth_nonce=13917289812797014437, file=vacaction.jpg, size=original
Base String:
GET&http%3A%2F%2Fphotos.example.net%2Fphotos&file%3Dvacaction.jpg%26oauth_consumer_key%3Ddpf43f3p2l4k3l03%26oauth_nonce%3D13917289812797014437%26oauth_signature_method%3DRSA-SHA1%26oauth_timestamp%3D1196666512%26oauth_version%3D1.0%26size%3Doriginal
Signature:
jvTp/wX1TYtByB1m+Pbyo0lnCOLIsyGCH7wke8AUs3BpnwZJtAuEJkvQL2/9n4s5wUmUl4aCI4BwpraNx4RtEXMe5qg5T1LVTGliMRpKasKsW//e+RinhejgCuzoH26dyF8iY2ZZ/5D1ilgeijhV/vBka5twt399mXwaYdCwFYE=
Complete signed URL:
http://photos.example.net/photos?oauth_signature_method=RSA-SHA1&oauth_version=1.0&oauth_consumer_key=dpf43f3p2l4k3l03&oauth_timestamp=1196666512&oauth_nonce=13917289812797014437&file=vacaction.jpg&size=original&oauth_signature=jvTp%2FwX1TYtByB1m%2BPbyo0lnCOLIsyGCH7wke8AUs3BpnwZJtAuEJkvQL2%2F9n4s5wUmUl4aCI4BwpraNx4RtEXMe5qg5T1LVTGliMRpKasKsW%2F%2Fe%2BRinhejgCuzoH26dyF8iY2ZZ%2F5D1ilgeijhV%2FvBka5twt399mXwaYdCwFYE%3D

 

 

1 Note that HTTP does not allow empty absolute paths, so the URL 'http://example.com' is equivalent to 'http://example.com/' and should be treated as such for the purposes of OAuth signing (rfc2616, section 3.2.1)

Comments (0)

You don't have permission to comment on this page.