NAME

OAuth::Lite::ServerUtil - server side utility

SYNOPSIS

my $util = OAuth::Lite::ServerUtil->new;
$util->support_signature_method('HMAC-SHA1');
$util->allow_extra_params(qw/file size/);

unless ($util->validate_params($oauth_params)) {
    return $server->error(400, $util->errstr);
}

$util->verify_signature(
    method          => $r->method,
    params          => $oauth_params,
    url             => $request_uri,
    consumer_secret => $consumer->secret,
) or return $server->error(401, $util->errstr);

And see OAuth::Lite::Server::mod_perl2 source code.

DESCRIPTION

This module helps you to implement application that acts as OAuth Service Provider.

PAY ATTENTION

If you use OAuth 1.31 or older version, its has invalid way to normalize params. (when there are two or more same key and they contain ASCII and non ASCII value)

But the many services have already supported deprecated version, and the correct way breaks backward compatibility. So, from 1.32, supported both correct and deprecated method.

use $OAuth::Lite::USE_DEPRECATED_NORMALIZER to switch behaviour. Currently 1 is set by default to keep backward compatibility.

use OAuth::Lite::ServerUtil;
use OAuth::Lite;

$OAuth::Lite::USE_DEPRECATED_NORMALIZER = 0;
...

METHODS

new

Constructor

my $util = OAuth::Lite::ServerUtil->new;

Set strict true by default, and it judge unsupported param as invalid when validating params. You can build ServerUtil as non-strict mode, then it accepts unsupported parameters.

my $util = OAuth::Lite::ServerUtil->new( strict => 0 );

allow_extra_param($param_name);

When you validate oauth parameters, if an extra parameter is included, the validation will fail.

my $params = {
    oauth_version => '1.0',
    ...and other oauth parameters,
};
$params->{file} = "foo.jpg";

# fail!
unless ($util->validate_params($params)) {
    $your_app->error( $util->errstr );
}

So, if you want allow extra parameter, use this method.

$util->allow_extra_param('file');

my $params = {
    oauth_version => '1.0',
    ...and other oauth parameters,
};
$params->{file} = "foo.jpg";

# Now this results successfully.
unless ($util->validate_params($params)) {
    $your_app->error( $util->errstr );
}

allow_extra_params($param1, $param2, ...)

You can allow multiple extra parameters at once.

$util->allow_extra_params(qw/file size/);

support_signature_method($method_class_name);

Set the signature method class's name that your server can supports.

$util->support_signature_method('HMAC_SHA1');

This method requires indicated signature method class inside. So, you should install OAuth::Lite::SignatureMethod::$method_class_name beforehand. For example, when your choise is HMAC_SHA1, you need to have OAuth::Lite::SignatureMethod::HMAC_SHA1 installed in your server.

support_signature_methods($method1, $method2, ...);

You can set multiple signature method class at once.

$util->support_signature_methods(qw/HMAC_SHA1 RSA_SHA1/);

validate_params($params, [$check_token]);

Check if the request includes all required params and doesn't include unsupported params. It doesn't check unsupported params when working on strict mode.

unless ($util->validate_params($params)) {
    $your_app->error( $util->errstr );
}

When the request is to exchange tokens or to access to protected resources, pass 1 for second argument. This flag indicates that oauth_token param is needed.

unless ($util->validate_params($params, 1)) {
    $your_app->error( $util->errstr );
}

validate_signature_method($method_name)

unless ($util->validate_signature_method('HMAC-SHA1')) {
    
    $your_app->error(qq/Unsupported signature method/);
    ...
}

verify_signature(%args)

method - HTTP request method
params - parameters hash reference
url - requested uri
consumer_secret - consumer secret value(optional)
token_secret - token secret value(optional)
# you can omit consumer_secret and token_secret if you don't need them.
$util->verify_signature(
    method          => $r->method, 
    params          => $params,
    url             => $requested_uri,
    consumer_secret => $consumer_secret,
    token_secret    => $token_secret,
) or die $utl->errstr;

SEE ALSO

OAuth::Lite::Server::mod_perl2

AUTHOR

Lyo Kato, lyo.kato _at_ gmail.com

COPYRIGHT AND LICENSE

This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.6 or, at your option, any later version of Perl 5 you may have available.