NAME

Mojar::Auth::Jwt - JWT authentication for Google services

SYNOPSIS

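use Mojar::Auth::Jwt;

# Build the JWT; iss is the JWT username issued for the application
$jwt = Mojar::Auth::Jwt->new(
  iss => $auth_user,
  private_key => $private_key
);

# Post the signed assertion to the token endpoint held in aud
$tx = $ua->post_form($jwt->aud, 'UTF-8', {
  grant_type => $grant_type,
  assertion => $jwt->encode
});

# Extract the access token if the request succeeded
$token = $_->json->{access_token}
  if $_ = $tx->success;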

DESCRIPTION

This class implements JSON Web Token (JWT) authentication (v3) for accessing googleapis.com from a service application. If your application impersonates users (to access/manipulate their data) then you need something else instead.

ATTRIBUTES

typ

Type; only supported (tested) value is JWT.

alg

Algorithm; only supported (tested) value is RS256.

iss

JWT username. For example, Google Analytics reporting users have ...@developer.gserviceaccount.com.

scope

https://www.googleapis.com/auth/analytics.readonly.

aud

https://accounts.google.com/o/oauth2/token.

iat

Start of validity (epoch seconds). Defaults to now.

duration

Length of validity period. Defaults to an hour.

exp

Expiry time (epoch seconds). Defaults to now + duration.

private_key

Private key.

header

JWT header.

body

JWT content.

signature

Signed encapsulation of header + body.

cipher

Cipher object, built from Crypt::OpenSSL::RSA. Before accessing, ensure private_key has been set.

METHODS

new

Constructor; typically only iss and private_key are needed.

reset

Clear out stale fields.

encode

Encode the header and body, then sign them to produce the signature. Either ensure header and body are already set, or pass them as parameters.

$jwt->header(...)
    ->body(...);
$encoded = $jwt->encode;

or

$encoded = $jwt->encode(header => q{...}, body => q{...});

decode

Create a new JWT object by deconstructing encoded strings.

$new_jwt = $jwt->decode($encoded_string);

verify_signature

Verify existing signature is valid with respect to header and body. (Mainly used in unit tests.)

mogrify

Encode a hashref.

$encoded_string = $jwt->mogrify($hashref);

demogrify

Decode an encoded string into a hashref.

$hashref = $jwt->demogrify($encoded_string);
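
The token structure that encode, verify_signature, mogrify and demogrify work with, written out by hand as an added example (not Mojar::Auth::Jwt's own code). It assumes the standard JWT layout of base64url-encoded JSON segments and Crypt::OpenSSL::RSA's default PKCS#1 v1.5 signature padding; the key and the iss value are constructed, and segment, sign_jwt and verify_jwt are hypothetical names.

```perl
use strict;
use warnings;
use Crypt::OpenSSL::RSA;
use JSON::PP ();
use MIME::Base64 qw(encode_base64url decode_base64url);
my $json = JSON::PP->new->utf8->canonical;

# One JWT segment: a hashref as base64url-encoded JSON
sub segment { encode_base64url($json->encode($_[0])) }

# header.body.signature, with the signature computed over "header.body"
sub sign_jwt {
  my ($rsa, $header, $body) = @_;
  $rsa->use_sha256_hash;    # SHA-256 digest, as RS256 requires
  my $input = join '.', segment($header), segment($body);
  return join '.', $input, encode_base64url($rsa->sign($input));
}

# Return the claims only if algorithm, signature and validity window all pass
sub verify_jwt {
  my ($pub, $token, $now) = @_;
  my @part = split /\./, $token, -1;
  return unless @part == 3;
  my $header = eval { $json->decode(decode_base64url($part[0])) };
  # Pin the algorithm rather than trusting whatever the token declares
  return unless ref $header eq 'HASH' and ($header->{alg} // '') eq 'RS256';
  $pub->use_sha256_hash;
  return unless eval { $pub->verify("$part[0].$part[1]", decode_base64url($part[2])) };
  my $claims = eval { $json->decode(decode_base64url($part[1])) };
  return unless ref $claims eq 'HASH';
  my ($iat, $exp) = @$claims{qw(iat exp)};
  return unless defined $iat and defined $exp and $iat <= $now and $now < $exp;
  return $claims;
}

# Constructed demo input: throwaway key and placeholder identity
my $rsa = Crypt::OpenSSL::RSA->generate_key(2048);
my $pub = Crypt::OpenSSL::RSA->new_public_key($rsa->get_public_key_string);
my $now = time;
my %claims = (
  iss   => 'placeholder@developer.gserviceaccount.com',
  scope => 'https://www.googleapis.com/auth/analytics.readonly',
  aud   => 'https://accounts.google.com/o/oauth2/token',
  iat   => $now, exp => $now + 3600,
);
my $token = sign_jwt($rsa, { alg => 'RS256', typ => 'JWT' }, \%claims);
my ($hdr, undef, $sig) = split /\./, $token;
my $altered = join '.', $hdr, segment({ %claims, iss => 'other' }), $sig;
printf "%-8s %s\n", $_->[0], verify_jwt($pub, @$_[1, 2]) ? 'accepted' : 'rejected'
  for [fresh => $token, $now], [altered => $altered, $now], [expired => $token, $now + 3600];
```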

CONFIGURATION AND ENVIRONMENT

You need to create a low-privilege user within your GA account, granting them access to an appropriate profile. Then register your application for unattended access. That results in a username and private key that your application uses for access.

RATIONALE

As far as I know this class has only been used for accessing Google Analytics services so far. I am expecting it to be useful for other services that use JWT.

SUPPORT

See Mojar.

SEE ALSO

Acme::JWT is less Google-centric.