NAME
OAth::Lite::ServerUtil - server side utility
SYNOPSIS
my $util = OAuth::Lite::ServerUtil->new;
$util->support_signature_method('HMAC-SHA1');
$util->allow_extra_params(qw/file size/);
unless ($util->validate_params($oauth_params)) {
return $server->error(400, $util->errstr);
}
$util->verify_signature(
method => $r->method,
params => $oauth_params,
url => $request_uri,
consumer_secret => $consumer->secret,
) or return $server->error(401, $util->errstr);And see OAuth::Lite::Server::mod_perl2 source code.
DESCRIPTION
This module helps you to implement application that acts as OAuth Service Provider.
METHODS
new
Constructor
my $util = OAuth::Lite::ServerUtil->new;Set strict true by default, and it judge unsupported param as invalid when validating params. You can build ServerUtil as non-strict mode, then it accepts unsupported parameters.
my $util = OAuth::Lite::ServerUtil->new( strict => 0 );allow_extra_param($param_name);
When you validate oauth parameters, if an extra parameter is included, the validation will fail.
my $params = {
oauth_version => '1.0',
...and other oauth parameters,
};
$params->{file} = "foo.jpg";
# fail!
unless ($util->validate_params($params)) {
$your_app->error( $util->errstr );
}So, if you want allow extra parameter, use this method.
$util->allow_extra_param('file');
my $params = {
oauth_version => '1.0',
...and other oauth parameters,
};
$params->{file} = "foo.jpg";
# Now this results successfully.
unless ($util->validate_params($params)) {
$your_app->error( $util->errstr );
}allow_extra_params($param1, $param2, ...)
You can allow multiple extra parameters at once.
$util->allow_extra_params(qw/file size/);support_signature_method($method_class_name);
Set the signature method class's name that your server can supports.
$util->support_signature_method('HMAC_SHA1');This method requires indicated signature method class inside. So, you should install OAuth::Lite::SignatureMethod::$method_class_name beforehand. For example, when your choise is HMAC_SHA1, you need to have OAuth::Lite::SignatureMethod::HMAC_SHA1 installed in your server.
support_signature_methods($method1, $method2, ...);
You can set multiple signature method class at once.
$util->support_signature_methods(qw/HMAC_SHA1 RSA_SHA1/);validate_params($params, [$check_token]);
Check if the request includes all required params and doesn't include unsupported params. It doesn't check unsupported params when working on strict mode.
unless ($util->validate_params($params)) {
$your_app->error( $util->errstr );
}When the request is to exchange tokens or to access to protected resources, pass 1 for second argument. This flag indicates that oauth_token param is needed.
unless ($util->validate_params($params, 1)) {
$your_app->error( $util->errstr );
}validate_signature_method($method_name)
unless ($util->validate_signature_method('HMAC-SHA1')) {
$your_app->error(qq/Unsupported signature method/);
...
}verify_signature(%args)
- method - HTTP request method
- params - parameters hash reference
- url - requested uri
- consumer_secret - consumer secret value(optional)
- token_secret - token secret value(optional)
# you can omit consumer_secret and token_secret if you don't need them.
$util->verify_signature(
method => $r->method,
params => $params,
url => $requested_uri,
consumer_secret => $consumer_secret,
token_secret => $token_secret,
) or die $utl->errstr;SEE ALSO
OAuth::Lite::Server::mod_perl2
AUTHOR
Lyo Kato, lyo.kato _at_ gmail.com
COPYRIGHT AND LICENSE
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.6 or, at your option, any later version of Perl 5 you may have available.