NAME
Net::OAuth2::AuthorizationServer::PasswordGrant - OAuth2 Resource Owner Password Credentials Grant
You "MUST NOT" use this grant type (see https://tools.ietf.org/html/draft-ietf-oauth-security-topics-15)
SYNOPSIS
my $Grant = Net::OAuth2::AuthorizationServer::PasswordGrant->new(
clients => {
TrendyNewService => {
client_secret => 'TopSecretClientSecret',
scopes => {
post_images => 1,
annoy_friends => 1,
},
},
},
users => {
bob => 'j$s03R#!\fs',
tom => 'dE0@@s^tWg1',
},
);
# verify a client and username against known clients/users
my ( $client_id,$error,$scopes,$username ) = $Grant->verify_user_password(
client_id => $client_id,
client_secret => $client_secret,
username => $username,
password => $password,
scopes => [ qw/ list of scopes / ],
);
if ( ! $Grant->login_resource_owner ) {
# resource owner needs to login
...
}
# have resource owner confirm (and perhaps modify) scopes
my ( $confirmed,$error,$scopes_ref ) = $Grant->confirm_by_resource_owner(
client_id => $client_id,
scopes => [ qw/ list of scopes / ],
);
# generate a token
my $token = $Grant->token(
client_id => $client_id,
scopes => $scopes_ref,
type => 'access', # one of: access, refresh
redirect_uri => $redirect_uri,
user_id => $user_id, # optional
jwt_claims_cb => sub { ... }, # optional, see jwt_claims_cb in Manual
);
# store access token
$Grant->store_access_token(
client_id => $client,
access_token => $access_token,
refresh_token => $refresh_token,
scopes => $scopes_ref,
old_refresh_token => $old_refresh_token,
);
# verify an access token
my ( $is_valid,$error ) = $Grant->verify_access_token(
access_token => $access_token,
scopes => $scopes_ref,
is_refresh_token => 0,
);
# or:
my ( $oauth_details,$error ) = $Grant->verify_token_and_scope(
refresh_token => $refresh_token,
auth_header => $http_authorization_header,
);
DESCRIPTION
This module implements the OAuth2 "Resource Owner Password Credentials Grant" flow as described at http://tools.ietf.org/html/rfc6749#section-4.3.
CONSTRUCTOR ARGUMENTS
Along with those detailed at "CONSTRUCTOR ARGUMENTS" in Net::OAuth2::AuthorizationServer::Manual the following are supported by this grant type:
users
A hashref of client details keyed like so:
$username => $password
CALLBACK FUNCTIONS
The following callbacks are supported by this grant type:
login_resource_owner_cb
confirm_by_resource_owner_cb
verify_client_cb
verify_user_password_cb
store_access_token_cb
verify_access_token_cb
Please see "CALLBACK FUNCTIONS" in Net::OAuth2::AuthorizationServer::Manual for documentation on each callback function.
AUTHOR
Lee Johnson - leejo@cpan.org
LICENSE
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself. If you would like to contribute documentation or file a bug report then please raise an issue / pull request:
https://github.com/Humanstate/net-oauth2-authorizationserver