NAME

OIDC::Lite::Client::WebServer - OpenID Connect Web Server Profile Client

SYNOPSIS

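# Build the client once with the credentials issued by the auth server.
# Both endpoints use https: the requests sent to them are expected to carry
# the client secret and the authorization code, which must not cross the
# network in cleartext.
# The secret below is a placeholder; load the real one from configuration
# rather than committing it to source control.
my $client = OIDC::Lite::Client::WebServer->new(
    id               => q{my_client_id},
    secret           => q{my_client_secret},
    authorize_uri    => q{https://example.org/authorize},
    access_token_uri => q{https://example.org/token},
);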

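# Return a fresh, unguessable value for the "state" parameter.
# /dev/urandom is read here for brevity; any CSPRNG your platform offers
# will do. Never use a constant or a predictable value.
sub _new_state {
    open my $fh, '<:raw', '/dev/urandom' or die "open /dev/urandom: $!";
    my $bytes;
    my $got = read( $fh, $bytes, 16 );
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == 16;
    return unpack( 'H*', $bytes );
}

# redirect user to authorize page.
# A per-request state value is remembered before redirecting so that the
# callback can tell a response to this request from a forged one (CSRF).
# NOTE(review): assumes $your_app->store is per-user session storage - confirm.
sub start_authorize {
    my $your_app = shift;

    my $state = _new_state();
    $your_app->store->save( state => $state );

    my $redirect_url = $client->uri_to_redirect(
        redirect_uri => q{https://yourapp/callback},
        scope        => q{photo},
        state        => $state,
    );

    $your_app->res->redirect( $redirect_url );
}

# this method corresponds to the url 'https://yourapp/callback'
# It rejects the response unless the returned state equals the one saved by
# start_authorize, then exchanges the authorization code for tokens.
sub callback {
    my $your_app = shift;

    # Verify state before touching the code: a mismatch means this response
    # does not belong to an authorization request started by this session.
    my $expected_state = $your_app->store->get("state");
    my $returned_state = $your_app->request->param("state");
    unless ( defined $expected_state
        && defined $returned_state
        && $returned_state eq $expected_state )
    {
        return $your_app->error( q{state mismatch} );
    }

    my $code = $your_app->request->param("code");
    return $your_app->error( q{missing authorization code} )
        unless defined $code && length $code;

    # redirect_uri must be the same value that was sent in start_authorize.
    my $access_token = $client->get_access_token(
        code         => $code,
        redirect_uri => q{https://yourapp/callback},
    ) or return $your_app->error( $client->errstr );

    # Tokens are credentials: keep them server-side and out of logs.
    $your_app->store->save( access_token  => $access_token->access_token  );
    $your_app->store->save( expires_at    => time() + $access_token->expires_in    );
    $your_app->store->save( refresh_token => $access_token->refresh_token );
}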

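# Exchange the stored refresh token for a new access token and persist the
# result. Falls back to a new authorization when no refresh token is stored.
sub refresh_access_token {
    my $your_app = shift;

    # The refresh token has to be read from the store first; it is not a
    # variable that exists in this sub otherwise.
    my $refresh_token = $your_app->store->get("refresh_token");
    unless ($refresh_token) {
        $your_app->start_authorize();
        return;
    }

    my $access_token = $client->refresh_access_token(
        refresh_token => $refresh_token,
    ) or return $your_app->error( $client->errstr );

    $your_app->store->save( access_token  => $access_token->access_token  );
    $your_app->store->save( expires_at    => time() + $access_token->expires_in    );

    # A server may answer without a new refresh token; keep the stored one in
    # that case instead of overwriting it with undef.
    my $new_refresh_token = $access_token->refresh_token;
    $your_app->store->save( refresh_token => $new_refresh_token )
        if defined $new_refresh_token;
}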


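# Call the protected resource with the stored access token. Starts a new
# authorization when no token is stored, and refreshes the token when the
# stored expiry time has passed; in both cases it returns without calling
# the resource.
sub access_to_protected_resource {
    my $your_app = shift;

    my $access_token  = $your_app->store->get("access_token");
    my $expires_at    = $your_app->store->get("expires_at");
    my $refresh_token = $your_app->store->get("refresh_token");

    unless ($access_token) {
        $your_app->start_authorize();
        return;
    }

    if ($expires_at < time()) {
        $your_app->refresh_access_token();
        return;
    }

    # The access token is sent in a request header, so the resource URL is
    # https: over plain http anyone on the path could read and replay it.
    my $req = HTTP::Request->new( GET => q{https://example.org/photo} );

    # NOTE(review): RFC 6750 defines the "Bearer" authorization scheme; keep
    # "OAuth" only if that is what the resource server expects - confirm.
    $req->header( Authorization => sprintf(q{OAuth %s}, $access_token) );
    my $agent = LWP::UserAgent->new;
    my $res = $agent->request($req);
    ...
}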

DESCRIPTION

Client library for OpenID Connect Web Server Profile.

METHODS

new( %params )

id

Client ID

secret

Client secret

authorize_uri

URI of the authorization page on the auth server.

access_token_uri

URI of the token endpoint on the auth server.

refresh_token_uri

URI of the refresh-token endpoint on the auth server. If you omit this, access_token_uri is used instead.

agent

User agent. If you omit this, an LWP::UserAgent object is used by default. You can supply your own custom agent or one of the preset agents.

See also

OAuth::Lite2::Agent::Dump OAuth::Lite2::Agent::Strict OAuth::Lite2::Agent::PSGIMock

uri_to_redirect( %params )

get_access_token( %params )

Executes verification and returns an OIDC::Lite::Client::Token object.

code

Authorization-code that is issued beforehand by server

redirect_uri

The URL that was used as the callback for user authorization. It should be the same value that was passed as redirect_uri to uri_to_redirect.

refresh_access_token( %params )

Refreshes the access token using refresh_token and returns an OIDC::Lite::Client::Token object.

refresh_token

last_request

Returns the HTTP::Request object that was used internally the last time an access token was obtained or refreshed.

last_response

Returns the HTTP::Response object that was received internally the last time an access token was obtained or refreshed.

AUTHOR

Ryo Ito, <ritou.06@gmail.com>

COPYRIGHT AND LICENSE

Copyright (C) 2012 by Ryo Ito

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.8 or, at your option, any later version of Perl 5 you may have available.