An Erlang OAuth 1.0 implementation

Latest version: 2.1.0 registry icon
Maintenance score
Safety score
Popularity score
Check your open source dependency risks. Get immediate insight about security, stability and licensing risks.
Version Suggest Low Medium High Critical
2.1.0 0 0 0 0 0

Latest release:

2.1.0 - This version may not be safe as it has not been updated for a long time. Find out if your coding project uses this component and get notified of any reported security vulnerabilities with Meterian-X Open Source Security Platform


Maintain your licence declarations and avoid unwanted licences to protect your IP the way you intended.

MIT   -   MIT License

Not a wildcard

Not proprietary

OSI Compliant

Build Status Hex.pm version Hex.pm Downloads Hex.pm Documentation Erlang Versions License


An Erlang implementation of The OAuth 1.0 Protocol.

There are functions for

  • generating signatures (client side),
  • verifying signatures (server side),
  • some convenience functions for making OAuth HTTP requests (client side).


Erlang-oauth is on Hex, you can use the package by adding it into your rebar.config:

{deps, [
    {oauth, "2.1.0"}

Erlang/OTP compatibility

Erlang/OTP 21 or greater.

Quick start (client usage)

$ erl -make
Recompile: src/oauth
$ erl -pa ebin -s crypto -s inets
1> Consumer = {"key", "secret", hmac_sha1}.
2> RequestTokenURL = "http://term.ie/oauth/example/request_token.php".
3> {ok, RequestTokenResponse} = oauth:get(RequestTokenURL, [], Consumer).
4> RequestTokenParams = oauth:params_decode(RequestTokenResponse).
5> RequestToken = oauth:token(RequestTokenParams).
6> RequestTokenSecret = oauth:token_secret(RequestTokenParams).
7> AccessTokenURL = "http://term.ie/oauth/example/access_token.php".
8> {ok, AccessTokenResponse} = oauth:get(AccessTokenURL, [], Consumer, RequestToken, RequestTokenSecret).
9> AccessTokenParams = oauth:params_decode(AccessTokenResponse).
10> AccessToken = oauth:token(AccessTokenParams).
11> AccessTokenSecret = oauth:token_secret(AccessTokenParams).
12> URL = "http://term.ie/oauth/example/echo_api.php".
13> {ok, Response} = oauth:get(URL, [{"hello", "world"}], Consumer, AccessToken, AccessTokenSecret).
14> oauth:params_decode(Response).

OAuth consumer representation

Consumers are represented using tuples:

{Key::string(), Secret::string(), plaintext}

{Key::string(), Secret::string(), hmac_sha1}

{Key::string(), RSAPrivateKeyPath::string(), rsa_sha1}  % client side

{Key::string(), RSACertificatePath::string(), rsa_sha1}  % server side

Other notes

This implementation should be compatible with the signature algorithms presented in RFC5849 - The OAuth 1.0 Protocol, and OAuth Core 1.0 Revision A. It is not intended to cover OAuth 2.0.

This is not a "plug and play" server implementation. In order to implement OAuth correctly as a provider you have more work to do: token storage, nonce and timestamp verification etc.

This is not a "bells and whistles" HTTP client. If you need fine grained control over your HTTP requests or you prefer to use something other than inets/httpc then you will need to assemble the requests yourself. Use oauth:sign/6 to generate a list of signed OAuth parameters, and then either oauth:uri_params_encode/1 or oauth:header_params_encode/1 to encode the signed parameters.

The percent encoding/decoding implementations are based on ibrowse


This project is licensed under the terms of the MIT license.