NAME
WWW::OAuth - Portable OAuth 1.0 authentication
SYNOPSIS
use WWW::OAuth;
my $oauth = WWW::OAuth->new(
client_id => $client_id,
client_secret => $client_secret,
token => $token,
token_secret => $token_secret,
);
# Just retrieve authorization header
my $auth_header = $oauth->authorization_header($http_request, { oauth_callback => $url });
$http_request->header(Authorization => $auth_header);
# HTTP::Tiny
use HTTP::Tiny;
my $res = $oauth->authenticate(Basic => { method => 'GET', url => $url })
->request_with(HTTP::Tiny->new);
# HTTP::Request
use HTTP::Request::Common;
use LWP::UserAgent;
my $res = $oauth->authenticate(GET $url)->request_with(LWP::UserAgent->new);
# Mojo::Message::Request
use Mojo::UserAgent;
my $tx = $ua->build_tx(get => $url);
$tx = $oauth->authenticate($tx->req)->request_with(Mojo::UserAgent->new);
DESCRIPTION
WWW::OAuth implements OAuth 1.0 request authentication according to RFC 5849. It does not implement the user agent requests needed for the complete OAuth 1.0 authorization flow; it only prepares and signs requests, leaving the rest up to your application. It can authenticate requests for LWP::UserAgent, Mojo::UserAgent, HTTP::Tiny, and can be extended to operate on other types of requests.
Some user agents can be configured to automatically authenticate each request with a WWW::OAuth object.
# LWP::UserAgent
my $ua = LWP::UserAgent->new;
$ua->add_handler(request_prepare => sub { $oauth->authenticate($_[0]) });
# Mojo::UserAgent
my $ua = Mojo::UserAgent->new;
$ua->on(start => sub { $oauth->authenticate($_[1]->req) });
RETRIEVING ACCESS TOKENS
The process of retrieving access tokens and token secrets for authorization on behalf of a user may differ among various APIs, but it follows this general format (error checking is left as an exercise to the reader):
use WWW::OAuth;
use WWW::OAuth::Util 'form_urldecode';
use HTTP::Tiny;
my $ua = HTTP::Tiny->new;
my $oauth = WWW::OAuth->new(
client_id => $client_id,
client_secret => $client_secret,
);
# Request token request
my $res = $oauth->authenticate({ method => 'POST', url => $request_token_url },
{ oauth_callback => $callback_url })->request_with($ua);
my %res_data = @{form_urldecode $res->{content}};
my ($request_token, $request_secret) = @res_data{'oauth_token','oauth_token_secret'};
Now, the returned request token must be used to construct a URL for the user to go to and authorize your application. The exact method differs by API. The user will usually be redirected to the $callback_url
passed earlier after authorizing, with a verifier token that can be used to retrieve the access token and secret.
# Access token request
$oauth->token($request_token);
$oauth->token_secret($request_secret);
my $res = $oauth->authenticate({ method => 'POST', url => $access_token_url },
{ oauth_verifier => $verifier_token })->request_with($ua);
my %res_data = @{form_urldecode $res->{content}};
my ($access_token, $access_secret) = @res_data{'oauth_token','oauth_token_secret'};
Finally, the access token and secret can now be stored and used to authorize your application on behalf of this user.
$oauth->token($access_token);
$oauth->token_secret($access_secret);
ATTRIBUTES
WWW::OAuth implements the following attributes.
client_id
my $client_id = $oauth->client_id;
$oauth = $oauth->client_id($client_id);
Client ID used to identify application (sometimes called an API key or consumer key). Required for all requests.
client_secret
my $client_secret = $oauth->client_secret;
$oauth = $oauth->client_secret($client_secret);
Client secret used to authenticate application (sometimes called an API secret or consumer secret). Required for all requests.
token
my $token = $oauth->token;
$oauth = $oauth->token($token);
Request or access token used to identify resource owner. Leave undefined for temporary credentials requests (request token requests).
token_secret
my $token_secret = $oauth->token_secret;
$oauth = $oauth->token_secret($token_secret);
Request or access token secret used to authenticate on behalf of resource owner. Leave undefined for temporary credentials requests (request token requests).
signature_method
my $method = $oauth->signature_method;
$oauth = $oauth->signature_method($method);
Signature method, can be PLAINTEXT
, HMAC-SHA1
, a coderef that implements the RSA-SHA1
method, or an object that implements the RSA-SHA1
method with a sign
method like Crypt::OpenSSL::RSA. Defaults to HMAC-SHA1
.
METHODS
WWW::OAuth implements the following methods.
authenticate
$container = $oauth->authenticate($container, \%oauth_params);
my $container = $oauth->authenticate($http_request, \%oauth_params);
my $container = $oauth->authenticate(Basic => { method => 'GET', url => $url }, \%oauth_params);
Wraps the HTTP request in a container with "oauth_request" in WWW::OAuth::Util, then sets the Authorization header using "authorization_header" to sign the request for OAuth 1.0. An optional hashref of OAuth parameters will be passed through to "authorization_header". Returns the container object.
authorization_header
my $auth_header = $oauth->authorization_header($container, \%oauth_params);
my $auth_header = $oauth->authorization_header($http_request, \%oauth_params);
my $auth_header = $oauth->authorization_header(Basic => { method => 'GET', url => $url }, \%oauth_params);
Forms an OAuth 1.0 signed Authorization header for the passed request. As in "authenticate", the request may be specified in any form accepted by "oauth_request" in WWW::OAuth::Util. OAuth parameters (starting with oauth_
) may be optionally specified in a hashref and will override any generated OAuth parameters of the same name (they should not be present in the request URL or body parameters). Returns the signed header value.
HTTP REQUEST CONTAINERS
Request containers provide a unified interface for "authenticate" to parse and update HTTP requests. They must perform the Role::Tiny role WWW::OAuth::Request. Custom container classes can be instantiated directly or via "oauth_request" in WWW::OAuth::Util.
Basic
WWW::OAuth::Request::Basic contains the request attributes directly, for user agents such as HTTP::Tiny that do not use request objects.
HTTP_Request
WWW::OAuth::Request::HTTP_Request wraps a HTTP::Request object, which is compatible with several user agents including LWP::UserAgent, HTTP::Thin, and Net::Async::HTTP.
Mojo
WWW::OAuth::Request::Mojo wraps a Mojo::Message::Request object, which is used by Mojo::UserAgent via Mojo::Transaction.
BUGS
Report any issues on the public bugtracker.
AUTHOR
Dan Book <dbook@cpan.org>
COPYRIGHT AND LICENSE
This software is Copyright (c) 2015 by Dan Book.
This is free software, licensed under:
The Artistic License 2.0 (GPL Compatible)