++ed by:
Tim Brody


LWP::Authen::OAuth - generate signed OAuth requests


        require LWP::Authen::OAuth;


        # Google uses 'anonymous' for unregistered Web/offline applications or the
        # domain name for registered Web applications
        my $ua = LWP::Authen::OAuth->new(
                oauth_consumer_secret => "anonymous",
        # request a 'request' token
        my $r = $ua->post( "https://www.google.com/accounts/OAuthGetRequestToken",
                        oauth_consumer_key => 'anonymous',
                        oauth_callback => 'http://example.net/oauth',
                        xoauth_displayname => 'Example Application',
                        scope => 'https://docs.google.com/feeds/',
        die $r->as_string if $r->is_error;
        # update the token secret from the HTTP response
        $ua->oauth_update_from_response( $r );
        # open a browser for the user 
        # data are returned as form-encoded
        my $uri = URI->new( 'http:' );
        $uri->query( $r->content );
        my %oauth_data = $uri->query_form;
        # Direct the user to here to grant you access:
        # https://www.google.com/accounts/OAuthAuthorizeToken?
        #       oauth_token=$oauth_data{oauth_token}\n";
        # turn the 'request' token into an 'access' token with the verifier
        # returned by google
        $r = $ua->post( "https://www.google.com/accounts/OAuthGetAccessToken", [
                oauth_consumer_key => 'anonymous',
                oauth_token => $oauth_data{oauth_token},
                oauth_verifier => $oauth_verifier,
        # update the token secret from the HTTP response
        $ua->oauth_update_from_response( $r );
        # now use the $ua to perform whatever actions you want


Sending status updates to a single account is quite easy if you create an application. The oauth_consumer_key and oauth_consumer_secret come from the 'Application Details' page and the oauth_token and oauth_token_secret from the 'My Access Token' page.

        my $ua = LWP::Authen::OAuth->new(
                oauth_consumer_key => 'xxx1',
                oauth_consumer_secret => 'xxx2',
                oauth_token => 'yyy1',
                oauth_token_secret => 'yyy2',
        $ua->post( 'http://api.twitter.com/1/statuses/update.json', [
                status => 'Posted this using LWP::Authen::OAuth!'


This module provides a sub-class of LWP::UserAgent that generates OAuth 1.0 signed requests. You should familiarise yourself with OAuth at http://oauth.net/.

This module only supports HMAC_SHA1 signing.

OAuth nonces are generated using the Perl random number generator. To set a nonce manually define 'oauth_nonce' in your requests via a CGI parameter or the Authorization header - see the OAuth documentation.


$ua = LWP::Authen::OAuth->new( ... )

Takes the same options as "new" in LWP::UserAgent plus optionally:


Most services will require some or all of these to be set even if it's just 'anonymous'.

$ua->oauth_update_from_response( $r )

Update the oauth_token and oauth_token_secret from an HTTP::Response object returned by a previous request e.g. when converting a request token into an access token.

$key = $ua->oauth_consumer_key( [ KEY ] )

Get and optionally set the consumer key.

$secret = $ua->oauth_consumer_secret( [ SECRET ] )

Get and optionally set the consumer secret.

$token = $ua->oauth_token( [ TOKEN ] )

Get and optionally set the oauth token.

$secret = $ua->oauth_token_secret( [ SECRET ] )

Get and optionally set the oauth token secret.


LWP::UserAgent, MIME::Base64, Digest::SHA, URI, URI::Escape


I think the complexity in OAuth is in the parameter normalisation and message signing. What this module does is to hide that complexity without replicating the higher-level protocol chatter.

In Net::OAuth:

        $r = Net::OAuth->request('request token')->new(
                consumer_key => 'xxx',
                request_url => 'https://photos.example.net/request_token',
                callback => 'http://printer.example.com/request_token_ready',
                extra_params {
                        scope => 'global',
        $res = $ua->request(POST $r->to_url);
        $res = Net::OAuth->response('request token')
        ... etc

In LWP::Authen::OAuth:

        $ua = LWP::Authen::OAuth->new(
                oauth_consumer_key => 'xxx'
        $res = $ua->post( 'https://photos.example.net/request_token', [
                oauth_callback => 'http://printer.example.com/request_token_ready',
                scope => 'global',
        $ua->oauth_update_from_response( $res );
        ... etc

Net::OAuth, OAuth::Lite.


Timothy D Brody <tdb2@ecs.soton.ac.uk>

Copyright 2011 University of Southampton, UK

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself

Hosting generously
sponsored by Bytemark