OAuth::Lite::ServerUtil - server side utility
my $util = OAuth::Lite::ServerUtil->new; $util->support_signature_method('HMAC-SHA1'); $util->allow_extra_params(qw/file size/); unless ($util->validate_params($oauth_params)) { return $server->error(400, $util->errstr); } $util->verify_signature( method => $r->method, params => $oauth_params, url => $request_uri, consumer_secret => $consumer->secret, ) or return $server->error(401, $util->errstr);
And see OAuth::Lite::Server::mod_perl2 source code.
This module helps you to implement application that acts as OAuth Service Provider.
If you use OAuth 1.31 or older version, its has invalid way to normalize params. (when there are two or more same key and they contain ASCII and non ASCII value)
But the many services have already supported deprecated version, and the correct way breaks backward compatibility. So, from 1.32, supported both correct and deprecated method.
use $OAuth::Lite::USE_DEPRECATED_NORMALIZER to switch behaviour. Currently 1 is set by default to keep backward compatibility.
use OAuth::Lite::ServerUtil; use OAuth::Lite; $OAuth::Lite::USE_DEPRECATED_NORMALIZER = 0; ...
Constructor
my $util = OAuth::Lite::ServerUtil->new;
Set strict true by default, and it judge unsupported param as invalid when validating params. You can build ServerUtil as non-strict mode, then it accepts unsupported parameters.
my $util = OAuth::Lite::ServerUtil->new( strict => 0 );
When you validate oauth parameters, if an extra parameter is included, the validation will fail.
my $params = { oauth_version => '1.0', ...and other oauth parameters, }; $params->{file} = "foo.jpg"; # fail! unless ($util->validate_params($params)) { $your_app->error( $util->errstr ); }
So, if you want allow extra parameter, use this method.
$util->allow_extra_param('file'); my $params = { oauth_version => '1.0', ...and other oauth parameters, }; $params->{file} = "foo.jpg"; # Now this results successfully. unless ($util->validate_params($params)) { $your_app->error( $util->errstr ); }
You can allow multiple extra parameters at once.
$util->allow_extra_params(qw/file size/);
Set the signature method class's name that your server can supports.
$util->support_signature_method('HMAC_SHA1');
This method requires indicated signature method class inside. So, you should install OAuth::Lite::SignatureMethod::$method_class_name beforehand. For example, when your choise is HMAC_SHA1, you need to have OAuth::Lite::SignatureMethod::HMAC_SHA1 installed in your server.
You can set multiple signature method class at once.
$util->support_signature_methods(qw/HMAC_SHA1 RSA_SHA1/);
Check if the request includes all required params and doesn't include unsupported params. It doesn't check unsupported params when working on strict mode.
unless ($util->validate_params($params)) { $your_app->error( $util->errstr ); }
When the request is to exchange tokens or to access to protected resources, pass 1 for second argument. This flag indicates that oauth_token param is needed.
unless ($util->validate_params($params, 1)) { $your_app->error( $util->errstr ); }
unless ($util->validate_signature_method('HMAC-SHA1')) { $your_app->error(qq/Unsupported signature method/); ... }
# you can omit consumer_secret and token_secret if you don't need them. $util->verify_signature( method => $r->method, params => $params, url => $requested_uri, consumer_secret => $consumer_secret, token_secret => $token_secret, ) or die $utl->errstr;
OAuth::Lite::Server::mod_perl2
Lyo Kato, lyo.kato _at_ gmail.com
lyo.kato _at_ gmail.com
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself, either Perl version 5.8.6 or, at your option, any later version of Perl 5 you may have available.
To install OAuth::Lite, copy and paste the appropriate command in to your terminal.
cpanm
cpanm OAuth::Lite
CPAN shell
perl -MCPAN -e shell install OAuth::Lite
For more information on module installation, please visit the detailed CPAN module installation guide.