NAME

OAth::Lite::ServerUtil - server side utility

SYNOPSIS

my $util = OAuth::Lite::ServerUtil->new;
$util->support_signature_method('HMAC-SHA1');
$util->allow_extra_params(qw/file size/);

unless ($util->validate_params($oauth_params)) {
    return $server->error(400, $util->errstr);
}

$util->verify_signature(
    method          => $r->method,
    params          => $oauth_params,
    url             => $request_uri,
    consumer_secret => $consumer->secret,
) or return $server->error(401, $util->errstr);

And see OAuth::Lite::Server::mod_perl2 source code.

DESCRIPTION

This module helps you to implement application that acts as OAuth Service Provider.

METHODS

new

Constructor

my $util = OAuth::Lite::ServerUtil->new;

allow_extra_param($param_name);

When you validate oauth parameters, if an extra parameter is included, the validation will fail.

my $params = {
    oauth_version => '1.0',
    ...and other oauth parameters,
};
$params->{file} = "foo.jpg";

# fail!
unless ($util->validate_params($params)) {
    $your_app->error( $util->errstr );
}

So, if you want allow extra parameter, use this method.

$util->allow_extra_param('file');

my $params = {
    oauth_version => '1.0',
    ...and other oauth parameters,
};
$params->{file} = "foo.jpg";

# Now this results successfully.
unless ($util->validate_params($params)) {
    $your_app->error( $util->errstr );
}

allow_extra_params($param1, $param2, ...)

You can allow multiple extra parameters at once.

$util->allow_extra_params(qw/file size/);

support_signature_method($method_class_name);

Set the signature method class's name that your server can supports.

$util->support_signature_method('HMAC_SHA1');

This method requires indicated signature method class inside. So, you should install OAuth::Lite::SignatureMethod::$method_class_name beforehand. For example, when your choise is HMAC_SHA1, you need to have OAuth::Lite::SignatureMethod::HMAC_SHA1 installed in your server.

support_signature_methods($method1, $method2, ...);

You can set multiple signature method class at once.

$util->support_signature_methods(qw/HMAC_SHA1 RSA_SHA1/);

validate_params($params, [$check_token]);

Check if the request includes all required params and doesn't include unsupported params.

unless ($util->validate_params($params)) {
    $your_app->error( $util->errstr );
}

When the request is to exchange tokens or to access to protected resources, pass 1 for second argument. This flag indicates that oauth_token param is needed.

unless ($util->validate_params($params, 1)) {
    $your_app->error( $util->errstr );
}

validate_signature_method($method_name)

unless ($util->validate_signature_method('HMAC-SHA1')) {
    
    $your_app->error(qq/Unsupported signature method/);
    ...
}

verify_signature(%args)

method - HTTP request method
params - parameters hash reference
url - requested uri
consumer_secret - consumer secret value(optional)
token_secret - token secret value(optional)
# you can omit consumer_secret and token_secret if you don't need them.
$util->verify_signature(
    method          => $r->method, 
    params          => $params,
    url             => $requested_uri,
    consumer_secret => $consumer_secret,
    token_secret    => $token_secret,
) or die $utl->errstr;

SEE ALSO

OAuth::Lite::Server::mod_perl2

AUTHOR

Lyo Kato, lyo.kato _at_ gmail.com

COPYRIGHT AND LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.6 or, at your option, any later version of Perl 5 you may have available.