NAME
CatalystX::OAuth2 - OAuth2 services for Catalyst
VERSION
version 0.001009
SYNOPSIS
useMoose;__PACKAGE__->config(store=> {class=>'DBIC',client_model=>'DB::Client'});subrequest : Chained('/') Args(0) Does('OAuth2::RequestAuth') {}subgrant : Chained('/') Args(0) Does('OAuth2::GrantAuth') {my($self,$c) =@_;my$oauth2=$c->req->oauth2;$c->user_exists and$oauth2->user_is_valid(1)or$c->detach('/passthrulogin');}subtoken : Chained('/') Args(0) Does('OAuth2::AuthToken::ViaAuthGrant') {}subrefresh : Chained('/') Args(0) Does('OAuth2::AuthToken::ViaRefreshToken') {}1;
DESCRIPTION
This module implements the authorization grant subset of the oauth 2 ietf spec draft. Action roles containing an implementation of each required endpoint in the specification are provided and should be applied to a Catalyst::Controller::ActionRole. The authorization grant flow is defined by the specification as follows:
+--------+ +---------------+| |--(A)------- Authorization Grant --------->| || | | || |<-(B)----------- Access Token -------------| || | & Refresh Token | || | | || | +----------+ | || |--(C)---- Access Token ---->| | | || | | | | || |<-(D)- Protected Resource --| Resource | | Authorization || Client | | Server | | Server || |--(E)---- Access Token ---->| | | || | | | | || |<-(F)- Invalid Token Error -| | | || | +----------+ | || | | || |--(G)----------- Refresh Token ----------->| || | | || |<-(H)----------- Access Token -------------| |+--------+ & Optional Refresh Token +---------------+
The action roles should be applied to actions in a single controller, and no more than one action of each role type should be present.
Here is an overview of what roles are involved in each of those phases:
- A - Catalyst::ActionRole::OAuth2::RequestAuth
-
Required
This is the action where the authentication grant flow begins, it validades and sanitizes the request parameters and generates an authorization code which is used for issuing a valid request to the GrantAuth action via a redirect. The authorization code is only generated if all parameters are well-formed and valid, this ensures that requests to the GrantAuth action can trust the request parameters if a valid authorization code is presented.
- B - Catalyst::ActionRole::OAuth2::GrantAuth
-
Required
This action checks the request parameters for a valid authorization code, which should have been generated by a previous request to a RequestAuth action. This action should be customized to somehow confirm with the end-user if he wishes to effectively grant the authorization to the requesting client/app. The user-agent is redirected automatically to the correct endpoint if the authorization is granted.
- C and D - Catalyst::ActionRole::OAuth2::AuthToken::ViaAuthGrant
-
Required
This action exchanges a valid authorization grant code and responds with an authorization token.
- G and H - Catalyst::ActionRole::OAuth2::AuthToken::ViaRefreshToken
-
Optional
This action exchanges a valid refresh token for a new access token and refresh token.
CONFIGURATION
store
Takes a hashref containing two keys:
- class
-
The store type to use, so far, only DBIC support is provided
- client_model
-
The entity representing the client in your schema
SPONSORSHIP
This module exists due to the wonderful people at Suretec Systems Ltd. <http://www.suretecsystems.com/> who sponsored its development for its VoIP division called SureVoIP <http://www.surevoip.co.uk/> for use with the SureVoIP API - <http://www.surevoip.co.uk/support/wiki/api_documentation>
AUTHOR
Eden Cardim <edencardim@gmail.com>
COPYRIGHT AND LICENSE
This software is copyright (c) 2017 by Suretec Systems Ltd.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.