Index: /branches/release-39/extlib/Net/OAuth/Message.pm =================================================================== --- /branches/release-39/extlib/Net/OAuth/Message.pm (revision 2528) +++ /branches/release-39/extlib/Net/OAuth/Message.pm (revision 2528) @@ -0,0 +1,264 @@ +package Net::OAuth::Message; +use warnings; +use strict; +use base qw/Class::Data::Inheritable Class::Accessor/; +use URI::Escape; +use UNIVERSAL::require; + +sub add_required_message_params { + my $class = shift; + $class->required_message_params([@{$class->required_message_params}, @_]); + $class->all_message_params([@{$class->all_message_params}, @_]); + $class->all_params([@{$class->all_params}, @_]); + $class->mk_accessors(@_); +} + +sub add_optional_message_params { + my $class = shift; + $class->optional_message_params([@{$class->optional_message_params}, @_]); + $class->all_message_params([@{$class->all_message_params}, @_]); + $class->all_params([@{$class->all_params}, @_]); + $class->mk_accessors(@_); +} + +sub add_required_api_params { + my $class = shift; + $class->required_api_params([@{$class->required_api_params}, @_]); + $class->all_api_params([@{$class->all_api_params}, @_]); + $class->all_params([@{$class->all_params}, @_]); + $class->mk_accessors(@_); +} + +sub add_to_signature { + my $class = shift; + $class->signature_elements([@{$class->signature_elements}, @_]); +} + +sub new { + my $proto = shift; + my $class = ref $proto || $proto; + my %params = @_; + my $self = bless \%params, $class; + $self->{extra_params} ||= {}; + $self->{version} ||= '1.0'; + $self->check; + return $self; +} + +sub check { + my $self = shift; + foreach my $k (@{$self->required_message_params}, @{$self->required_api_params}) { + if (not defined $self->{$k}) { + die "Missing required parameter '$k'"; + } + } + if ($self->{extra_params} and $self->allow_extra_params) { + foreach my $k (keys %{$self->{extra_params}}) { + if ($k =~ /^oauth_/) { + die "Parameter '$k' not allowed in arbitrary params" + } + } + } +} + +sub encode { + my $str = shift; + $str = "" unless defined $str; + return URI::Escape::uri_escape_utf8($str,'^\w.~-'); +} + +sub decode { + my $str = shift; + return uri_unescape($str); +} + +sub allow_extra_params {1} + +sub sign_message {0} + +sub gather_message_parameters { + my $self = shift; + my %opts = @_; + $opts{quote} = "" unless defined $opts{quote}; + $opts{params} ||= []; + my %params; + foreach my $k (@{$self->required_message_params}, @{$self->optional_message_params}, @{$opts{add}}) { + next if $k eq 'signature' and (!$self->sign_message or !grep ($_ eq 'signature', @{$opts{add}})); + $params{"oauth_$k"} = $self->$k; + } + if ($self->{extra_params} and !$opts{no_extra} and $self->allow_extra_params) { + foreach my $k (keys %{$self->{extra_params}}) { + $params{$k} = $self->{extra_params}{$k}; + } + } + if ($opts{hash}) { + return \%params; + } + my @pairs; + while (my ($k,$v) = each %params) { + push @pairs, join('=', encode($k), $opts{quote} . encode($v) . $opts{quote}); + } + return sort(@pairs); # sort not required here but makes module more testable +} + +sub normalized_message_parameters { + my $self = shift; + return join('&', $self->gather_message_parameters); +} + +sub signature_base_string { + my $self = shift; + return join('&', map(encode($self->$_), @{$self->signature_elements})); +} + +sub sign { + my $self = shift; + my $class = $self->_signature_method_class; + $self->signature($class->sign($self, @_)); +} + +sub verify { + my $self = shift; + my $class = $self->_signature_method_class; + return $class->verify($self, @_); +} + +sub _signature_method_class { + my $self = shift; + (my $signature_method = $self->signature_method) =~ s/\W+/_/g; + my $klass = 'Net::OAuth::SignatureMethod::' . $signature_method; + $klass->require or die "Unable to load $signature_method plugin"; + return $klass; +} + +sub to_authorization_header { + my $self = shift; + my $realm = shift; + my $sep = shift || ","; + return join($sep, "OAuth realm=\"$realm\"", + $self->gather_message_parameters(quote => '"', add => [qw/signature/], no_extra => 1)); +} + +sub from_authorization_header { + my $proto = shift; + my $class = ref $proto || $proto; + my @header = split /[\s]*,[\s]*/, shift; + shift @header; + return $class->_from_pairs(\@header, @_) +} + +sub _from_pairs() { + my $class = shift; + my $pairs = shift; + if (ref $pairs ne 'ARRAY') { + die 'Expected an array!'; + } + my %params; + foreach my $pair (@$pairs) { + my ($k,$v) = split /=/, $pair; + if (defined $k and defined $v) { + $v =~ s/(^"|"$)//g; + ($k,$v) = map decode($_), $k, $v; + $params{$k} = $v; + } + } + return $class->from_hash(\%params, @_); +} + +sub from_hash { + my $proto = shift; + my $class = ref $proto || $proto; + my $hash = shift; + if (ref $hash ne 'HASH') { + die 'Expected a hash!'; + } + my %api_params = @_; + my %msg_params; + foreach my $k (keys %$hash) { + if ($k =~ s/^oauth_//) { + if (!grep ($_ eq $k, @{$class->all_message_params})) { + die "Parameter oauth_$k not valid for a message of type $class\n"; + } + else { + $msg_params{$k} = $hash->{"oauth_$k"}; + } + } + else { + $msg_params{extra_params}->{$k} = $hash->{$k}; + } + } + return $class->new(%msg_params, %api_params); +} + +sub from_url { + my $proto = shift; + my $class = ref $proto || $proto; + my $url = shift; + require URI; + require URI::QueryParam; + if (!UNIVERSAL::isa($url, 'URI')) { + $url = URI->new($url); + } + return $class->from_hash($url->query_form_hash, @_); +} + +sub to_post_body { + my $self = shift; + return join('&', $self->gather_message_parameters(add => [qw/signature/])); +} + +sub from_post_body { + my $proto = shift; + my $class = ref $proto || $proto; + my @pairs = split '&', shift; + return $class->_from_pairs(\@pairs, @_); +} + +sub to_hash { + my $self = shift; + return $self->gather_message_parameters(hash => 1, add => [qw/signature/]); +} + +sub to_url { + my $self = shift; + my $uri = shift; + if (!defined $uri and $self->can('request_url') and defined $self->request_url) { + $uri = $self->request_url; + } + if (defined $uri) { + require URI; + require URI::QueryParam; + $uri = URI->new("$uri"); + my $params = $self->to_hash; + foreach my $k (sort keys %$params) { + $uri->query_param($k, $params->{$k}); + } + return $uri; + } + else { + return $self->to_post_body; + } +} + +=head1 NAME + +Net::OAuth::Message - base class for OAuth messages + +=head1 SEE ALSO + +L + +=head1 AUTHOR + +Keith Grennan, C<< >> + +=head1 COPYRIGHT & LICENSE + +Copyright 2007 Keith Grennan, all rights reserved. + +This program is free software; you can redistribute it and/or modify it +under the same terms as Perl itself. + +=cut + +1; Index: /branches/release-39/extlib/Net/OAuth/SignatureMethod/RSA_SHA1.pm =================================================================== --- /branches/release-39/extlib/Net/OAuth/SignatureMethod/RSA_SHA1.pm (revision 2229) +++ /branches/release-39/extlib/Net/OAuth/SignatureMethod/RSA_SHA1.pm (revision 2528) @@ -7,7 +7,8 @@ my $self = shift; my $request = shift; + my $key = shift || $request->signature_key; die '$request->signature_key must be an RSA key object (e.g. Crypt::OpenSSL::RSA) that can sign($text)' - unless UNIVERSAL::can($request->signature_key, 'sign'); - return encode_base64($request->signature_key->sign($request->signature_base_string), ""); + unless UNIVERSAL::can($key, 'sign'); + return encode_base64($key->sign($request->signature_base_string), ""); } @@ -17,5 +18,5 @@ my $key = shift || $request->signature_key; die 'You must pass an RSA key object (e.g. Crypt::OpenSSL::RSA) that can verify($text,$sig)' - unless UNIVERSAL::can($request->signature_key, 'verify'); + unless UNIVERSAL::can($key, 'verify'); return $key->verify($request->signature_base_string, decode_base64($request->signature)); } Index: /branches/release-39/extlib/Net/OAuth/Request.pm =================================================================== --- /branches/release-39/extlib/Net/OAuth/Request.pm (revision 2229) +++ /branches/release-39/extlib/Net/OAuth/Request.pm (revision 2528) @@ -2,11 +2,9 @@ use warnings; use strict; -use base qw/Class::Data::Inheritable Class::Accessor/; -use URI::Escape; -use UNIVERSAL::require; +use base qw/Net::OAuth::Message/; -our $VERSION = '0.06'; +our $VERSION = '0.1'; -__PACKAGE__->mk_classdata(required_request_params => [qw/ +__PACKAGE__->mk_classdata(required_message_params => [qw/ consumer_key signature_method @@ -15,6 +13,7 @@ /]); -__PACKAGE__->mk_classdata(optional_request_params => [qw/ +__PACKAGE__->mk_classdata(optional_message_params => [qw/ version + signature /]); @@ -25,180 +24,44 @@ /]); +__PACKAGE__->mk_classdata(optional_api_params => [qw/ + signature_key + token_secret + extra_params + /]); + __PACKAGE__->mk_classdata(signature_elements => [qw/ request_method request_url - normalized_request_parameters + normalized_message_parameters /]); - + +__PACKAGE__->mk_classdata(all_message_params => [ + @{__PACKAGE__->required_message_params}, + @{__PACKAGE__->optional_message_params}, + ]); + +__PACKAGE__->mk_classdata(all_api_params => [ + @{__PACKAGE__->required_api_params}, + @{__PACKAGE__->optional_api_params}, + ]); + +__PACKAGE__->mk_classdata(all_params => [ + @{__PACKAGE__->all_api_params}, + @{__PACKAGE__->all_message_params}, + ]); + __PACKAGE__->mk_accessors( - @{__PACKAGE__->required_request_params}, - @{__PACKAGE__->optional_request_params}, - @{__PACKAGE__->required_api_params}, - qw/extra_params signature signature_key token_secret/ + @{__PACKAGE__->all_params}, ); - -sub add_required_request_params { - my $class = shift; - $class->required_request_params([@{$class->required_request_params}, @_]); - $class->mk_accessors(@_); -} - -sub add_optional_request_params { - my $class = shift; - $class->optional_request_params([@{$class->optional_request_params}, @_]); - $class->mk_accessors(@_); -} - -sub add_required_api_params { - my $class = shift; - $class->required_api_params([@{$class->required_api_params}, @_]); - $class->mk_accessors(@_); -} - -sub add_to_signature { - my $class = shift; - $class->signature_elements([@{$class->signature_elements}, @_]); -} - -sub new { - my $proto = shift; - my $class = ref $proto || $proto; - my %params = @_; - $params{version} = '1.0' unless defined $params{version}; - my $req = bless \%params, $class; - $req->check; - return $req; -} - -sub check { - my $self = shift; - foreach my $k (@{$self->required_request_params}, @{$self->required_api_params}) { - if (not defined $self->{$k}) { - die "Missing required parameter '$k'"; - } - } - if ($self->{extra_params} and $self->allow_extra_params) { - foreach my $k (keys %{$self->{extra_params}}) { - if ($k =~ /^oauth_/) { - die "Parameter '$k' not allowed in arbitrary params" - } - } - } -} - -sub encode { - my $str = shift; - $str = "" unless defined $str; - return URI::Escape::uri_escape_utf8($str,'^\w.~-'); -} - -sub decode { - my $str = shift; - return uri_unescape($str); -} - -sub allow_extra_params {1} - -sub gather_request_parameters { - my $self = shift; - my %opts = @_; - $opts{quote} = "" unless defined $opts{quote}; - $opts{params} ||= []; - my %params; - foreach my $k (@{$self->required_request_params}, @{$self->optional_request_params}, @{$opts{add}}) { - $params{"oauth_$k"} = $self->$k; - } - if ($self->{extra_params} and !$opts{no_extra} and $self->allow_extra_params) { - foreach my $k (keys %{$self->{extra_params}}) { - $params{$k} = $self->{extra_params}{$k}; - } - } - if ($opts{hash}) { - return \%params; - } - my @pairs; - while (my ($k,$v) = each %params) { - push @pairs, join('=', encode($k), $opts{quote} . encode($v) . $opts{quote}); - } - return sort(@pairs); # sort not required here but makes module more testable -} - -sub normalized_request_parameters { - my $self = shift; - return join('&', $self->gather_request_parameters); -} - -sub signature_base_string { - my $self = shift; - return join('&', map(encode($self->$_), @{$self->signature_elements})); -} sub signature_key { my $self = shift; # For some sig methods (I.e. RSA), users will pass in their own key - my $key = $self->get('signature_key'); + my $key = $self->get('signature_key'); unless (defined $key) { - $key = encode($self->consumer_secret) . '&'; - $key .= encode($self->token_secret) if $self->can('token_secret'); + $key = Net::OAuth::Message::encode($self->consumer_secret) . '&'; + $key .= Net::OAuth::Message::encode($self->token_secret) if $self->can('token_secret'); } return $key; -} - -sub sign { - my $self = shift; - my $class = $self->_signature_method_class; - $self->signature($class->sign($self, @_)); -} - -sub verify { - my $self = shift; - my $class = $self->_signature_method_class; - return $class->verify($self, @_); -} - -sub _signature_method_class { - my $self = shift; - (my $signature_method = $self->signature_method) =~ s/\W+/_/g; - my $klass = 'Net::OAuth::SignatureMethod::' . $signature_method; - $klass->require or die "Unable to load $signature_method plugin"; - return $klass; -} - -sub to_authorization_header { - my $self = shift; - my $realm = shift; - my $sep = shift || ","; - return join($sep, "OAuth realm=\"$realm\"", - $self->gather_request_parameters(quote => '"', add => [qw/signature/], no_extra => 1)); -} - -sub from_authorization_header { - my $proto = shift; - my $class = ref $proto || $proto; - my $header = shift; - my %extra_params = @_; - my @header = split /[\s]*,[\s]*/, $header; - shift @header; - my %params; - foreach my $pair (@header) { - my ($k,$v) = split /=/, $pair; - if (defined $k and defined $v) { - $v =~ s/(^"|"$)//g; - ($k,$v) = map decode($_), $k, $v; - $k =~ s/^oauth_//; - $params{$k} = $v; - } - } - return $class->new(%params, %extra_params); -} - -sub to_post_body { - my $self = shift; - return join('&', $self->gather_request_parameters(add => [qw/signature/])); -} - -sub to_hash { - my $self = shift; - return $self->gather_request_parameters(hash => 1, add => [qw/signature/]); } Index: /branches/release-39/extlib/Net/OAuth/RequestTokenResponse.pm =================================================================== --- /branches/release-39/extlib/Net/OAuth/RequestTokenResponse.pm (revision 2528) +++ /branches/release-39/extlib/Net/OAuth/RequestTokenResponse.pm (revision 2528) @@ -0,0 +1,30 @@ +package Net::OAuth::RequestTokenResponse; +use warnings; +use strict; +use base 'Net::OAuth::Response'; + +__PACKAGE__->add_required_message_params(qw/token_secret/); +sub allow_extra_params {1} + +=head1 NAME + +Net::OAuth::RequestTokenRequest - An OAuth protocol request for an Access Token + +=head1 SEE ALSO + +L, L + +=head1 AUTHOR + +Keith Grennan, C<< >> + +=head1 COPYRIGHT & LICENSE + +Copyright 2007 Keith Grennan, all rights reserved. + +This program is free software; you can redistribute it and/or modify it +under the same terms as Perl itself. + +=cut + +1; Index: /branches/release-39/extlib/Net/OAuth/UserAuthRequest.pm =================================================================== --- /branches/release-39/extlib/Net/OAuth/UserAuthRequest.pm (revision 2528) +++ /branches/release-39/extlib/Net/OAuth/UserAuthRequest.pm (revision 2528) @@ -0,0 +1,64 @@ +package Net::OAuth::UserAuthRequest; +use warnings; +use strict; +use base qw/Net::OAuth::Message/; + +__PACKAGE__->mk_classdata(required_message_params => [qw/ + /]); + +__PACKAGE__->mk_classdata(optional_message_params => [qw/ + token + callback + /]); + +__PACKAGE__->mk_classdata(required_api_params => [qw/ + /]); + +__PACKAGE__->mk_classdata(optional_api_params => [qw/ + extra_params + /]); + +__PACKAGE__->mk_classdata(signature_elements => [qw/ + /]); + +__PACKAGE__->mk_classdata(all_message_params => [ + @{__PACKAGE__->required_message_params}, + @{__PACKAGE__->optional_message_params}, + ]); + +__PACKAGE__->mk_classdata(all_api_params => [ + @{__PACKAGE__->required_api_params}, + @{__PACKAGE__->optional_api_params}, + ]); + +__PACKAGE__->mk_classdata(all_params => [ + @{__PACKAGE__->all_api_params}, + @{__PACKAGE__->all_message_params}, + ]); + +__PACKAGE__->mk_accessors( + @{__PACKAGE__->all_params}, + ); + +=head1 NAME + +Net::OAuth::UserAuthRequest - request for OAuth User Authentication + +=head1 SEE ALSO + +L + +=head1 AUTHOR + +Keith Grennan, C<< >> + +=head1 COPYRIGHT & LICENSE + +Copyright 2007 Keith Grennan, all rights reserved. + +This program is free software; you can redistribute it and/or modify it +under the same terms as Perl itself. + +=cut + +1; Index: /branches/release-39/extlib/Net/OAuth/AccessTokenRequest.pm =================================================================== --- /branches/release-39/extlib/Net/OAuth/AccessTokenRequest.pm (revision 2229) +++ /branches/release-39/extlib/Net/OAuth/AccessTokenRequest.pm (revision 2528) @@ -4,7 +4,8 @@ use base 'Net::OAuth::Request'; -__PACKAGE__->add_required_request_params(qw/token/); +__PACKAGE__->add_required_message_params(qw/token/); __PACKAGE__->add_required_api_params(qw/token_secret/); sub allow_extra_params {0} +sub sign_message {1} =head1 NAME Index: /branches/release-39/extlib/Net/OAuth/Response.pm =================================================================== --- /branches/release-39/extlib/Net/OAuth/Response.pm (revision 2528) +++ /branches/release-39/extlib/Net/OAuth/Response.pm (revision 2528) @@ -0,0 +1,63 @@ +package Net::OAuth::Response; +use warnings; +use strict; +use base qw/Net::OAuth::Message/; + +__PACKAGE__->mk_classdata(required_message_params => [qw/ + token + /]); + +__PACKAGE__->mk_classdata(optional_message_params => [qw/ + /]); + +__PACKAGE__->mk_classdata(required_api_params => [qw/ + /]); + +__PACKAGE__->mk_classdata(optional_api_params => [qw/ + extra_params + /]); + +__PACKAGE__->mk_classdata(signature_elements => [qw/ + /]); + +__PACKAGE__->mk_classdata(all_message_params => [ + @{__PACKAGE__->required_message_params}, + @{__PACKAGE__->optional_message_params}, + ]); + +__PACKAGE__->mk_classdata(all_api_params => [ + @{__PACKAGE__->required_api_params}, + @{__PACKAGE__->optional_api_params}, + ]); + +__PACKAGE__->mk_classdata(all_params => [ + @{__PACKAGE__->all_api_params}, + @{__PACKAGE__->all_message_params}, + ]); + +__PACKAGE__->mk_accessors( + @{__PACKAGE__->all_params}, + ); + +=head1 NAME + +Net::OAuth::Response - base class for OAuth responses + +=head1 SEE ALSO + +L + +=head1 AUTHOR + +Keith Grennan, C<< >> + +=head1 COPYRIGHT & LICENSE + +Copyright 2007 Keith Grennan, all rights reserved. + +This program is free software; you can redistribute it and/or modify it +under the same terms as Perl itself. + +=cut + +1; Index: /branches/release-39/extlib/Net/OAuth/UserAuthResponse.pm =================================================================== --- /branches/release-39/extlib/Net/OAuth/UserAuthResponse.pm (revision 2528) +++ /branches/release-39/extlib/Net/OAuth/UserAuthResponse.pm (revision 2528) @@ -0,0 +1,29 @@ +package Net::OAuth::UserAuthResponse; +use warnings; +use strict; +use base 'Net::OAuth::Response'; + +sub allow_extra_params {1} + +=head1 NAME + +Net::OAuth::UserAuthResponse - An OAuth protocol response for an Access Token + +=head1 SEE ALSO + +L, L + +=head1 AUTHOR + +Keith Grennan, C<< >> + +=head1 COPYRIGHT & LICENSE + +Copyright 2007 Keith Grennan, all rights reserved. + +This program is free software; you can redistribute it and/or modify it +under the same terms as Perl itself. + +=cut + +1; Index: /branches/release-39/extlib/Net/OAuth/AccessTokenResponse.pm =================================================================== --- /branches/release-39/extlib/Net/OAuth/AccessTokenResponse.pm (revision 2528) +++ /branches/release-39/extlib/Net/OAuth/AccessTokenResponse.pm (revision 2528) @@ -0,0 +1,30 @@ +package Net::OAuth::AccessTokenResponse; +use warnings; +use strict; +use base 'Net::OAuth::Response'; + +__PACKAGE__->add_required_message_params(qw/token_secret/); +sub allow_extra_params {1} + +=head1 NAME + +Net::OAuth::AccessTokenResponse - An OAuth protocol response for an Access Token + +=head1 SEE ALSO + +L, L + +=head1 AUTHOR + +Keith Grennan, C<< >> + +=head1 COPYRIGHT & LICENSE + +Copyright 2007 Keith Grennan, all rights reserved. + +This program is free software; you can redistribute it and/or modify it +under the same terms as Perl itself. + +=cut + +1; Index: /branches/release-39/extlib/Net/OAuth/RequestTokenRequest.pm =================================================================== --- /branches/release-39/extlib/Net/OAuth/RequestTokenRequest.pm (revision 2229) +++ /branches/release-39/extlib/Net/OAuth/RequestTokenRequest.pm (revision 2528) @@ -3,4 +3,6 @@ use strict; use base 'Net::OAuth::Request'; + +sub sign_message {1} =head1 NAME Index: /branches/release-39/extlib/Net/OAuth.pm =================================================================== --- /branches/release-39/extlib/Net/OAuth.pm (revision 2528) +++ /branches/release-39/extlib/Net/OAuth.pm (revision 2528) @@ -0,0 +1,328 @@ +package Net::OAuth; +use warnings; +use strict; +use UNIVERSAL::require; + +our $VERSION = '0.11'; + +sub request { + my $self = shift; + my $what = shift; + return $self->message($what . ' Request'); +} + +sub response { + my $self = shift; + my $what = shift; + return $self->message($what . ' Response'); +} + +sub message { + my $self = shift; + my $type = camel(shift); + my $class = 'Net::OAuth::' . $type; + $class->require; + return $class; +} + +sub camel { + my @words; + foreach (@_) { + while (/([A-Za-z0-9]+)/g) { + (my $word = $1) =~ s/authentication/auth/i; + push @words, $word; + } + } + my $name = join('', map("\u$_", @words)); +} + +=head1 NAME + +Net::OAuth - OAuth protocol support + +=head1 SYNOPSIS + + # Consumer sends Request Token Request + + use Net::OAuth; + use HTTP::Request::Common; + my $ua = LWP::UserAgent->new; + + my $request = Net::OAuth->request("request token")->new( + consumer_key => 'dpf43f3p2l4k3l03', + consumer_secret => 'kd94hf93k423kf44', + request_url => 'https://photos.example.net/request_token', + request_method => 'POST', + signature_method => 'HMAC-SHA1', + timestamp => '1191242090', + nonce => 'hsu94j3884jdopsl', + extra_params => { + apple => 'banana', + kiwi => 'pear', + } + ); + + $request->sign; + + my $res = $ua->request(POST $request->to_url); # Post message to the Service Provider + + if ($res->is_success) { + my $response = Net::OAuth->response('request token')->from_post_body($res->content); + print "Got Request Token ", $response->token, "\n"; + print "Got Request Token Secret ", $response->token_secret, "\n"; + } + else { + die "Something went wrong"; + } + + # Etc.. + + # Service Provider receives Request Token Request + + use Net::OAuth; + use CGI; + my $q = new CGI; + + my $request = Net::OAuth->request("request token")->from_hash($q->Vars, + request_url => 'https://photos.example.net/request_token', + request_method => $q->request_method, + consumer_secret => 'kd94hf93k423kf44', + ); + + if (!$request->verify) { + die "Signature verification failed"; + } + else { + # Service Provider sends Request Token Response + + my $response = Net::OAuth->response("request token")->new( + token => 'abcdef', + token_secret => '0123456', + ); + + print $response->to_post_body; + } + + # Etc.. + +=head1 ABSTRACT + +OAuth is + +"An open protocol to allow secure API authentication in a simple and standard method from desktop and web applications." + +In practical terms, OAuth is a mechanism for a Consumer to request protected resources from a Service Provider on behalf of a user. + +Please refer to the OAuth spec: L + +Net::OAuth provides: + +=over + +=item * classes that encapsulate OAuth messages (requests and responses). + +=item * message signing + +=item * message serialization and parsing. + +=back + +Net::OAuth does not provide: + +=over + +=item * Consumer or Service Provider encapsulation + +=item * token/nonce/key storage/management + +=back + +=head1 DESCRIPTION + +=head2 OAUTH MESSAGES + +An OAuth message is a set of key-value pairs. The following message types are supported: + +Requests + +=over + +=item * Request Token (Net::OAuth::RequestTokenRequest) + +=item * Access Token (Net::OAuth::AccessTokenRequest) + +=item * User Authentication (Net::OAuth::UserAuthRequest) + +=item * Protected Resource (Net::OAuth::ProtectedResourceRequest) + +=back + +Responses + +=over + +=item * Request Token (Net::OAuth::RequestTokenResponse) + +=item * Access Token (Net::OAuth:AccessTokenResponse) + +=item * User Authentication (Net::OAuth::UserAuthResponse) + +=back + +Each OAuth message type has one or more required parameters, zero or more optional parameters, and most allow arbitrary parameters. + +All OAuth requests must be signed by the Consumer. Responses from the Service Provider, however, are not signed. + +To create a message, the easiest way is to use the factory methods (Net::OAuth->request, Net::OAuth->response, Net::OAuth->message). The following method invocations are all equivalent: + + $request = Net::OAuth->request('user authentication')->new(%params); + $request = Net::OAuth->request('user_auth')->new(%params); + $request = Net::OAuth->request('UserAuth')->new(%params); + $request = Net::OAuth->message('UserAuthRequest')->new(%params); + +The more verbose way is to use the class directly: + + use Net::OAuth::UserAuthRequest; + $request = Net::OAuth::UserAuthRequest->new(%params); + +You can also create a message by deserializing it from a Authorization header, URL, query hash, or POST body + + $request = Net::OAuth->request('protected resource')->from_authorization_header($header, %api_params); + $request = Net::OAuth->request('protected resource')->from_url($url, %api_params); + $request = Net::OAuth->request('protected resource')->from_hash($q->Vars, %api_params); # CGI + $request = Net::OAuth->request('protected resource')->from_hash($c->request->params, %api_params); # Catalyst + $response = Net::OAuth->response('request token')->from_post_body($response_content, %api_params); + +Note that the deserialization methods (as opposed to new()) expect OAuth protocol parameters to be prefixed with 'oauth_', as you would expect in a valid OAuth message. + +Before sending a request, the Consumer must first sign it: + + $request->sign; + +When receiving a request, the Service Provider should first verify the signature: + + $request->verify; + +When sending a message the last step is to serialize it and send it to wherever it needs to go. The following serialization methods are available: + + $response->to_post_body # a application/x-www-form-urlencoded POST body + + $request->to_url # the query string of a URL + + $request->to_authorization_header # the value of an HTTP Authorization header + + $request->to_hash # a hash that could be used for some other serialization + +=head2 API PARAMETERS vs MESSAGE PARAMETERS + +Net::OAuth defines 'message parameters' as parameters that are part of the transmitted OAuth message. These include any protocol parameter (prefixed with 'oauth_' in the message), and any additional message parameters (the extra_params hash). + +'API parameters' are parameters required to build a message object that are not transmitted with the message, e.g. consumer_secret, token_secret, request_url, request_method. + +There are various methods to inspect a message class to see what parameters are defined: + + $request->required_message_params; + $request->optional_message_params; + $request->all_message_params; + $request->required_api_params; + $request->optional_api_params; + $request->all_api_params; + $request->all_params; + +E.g. + + use Net::OAuth; + use Data::Dumper; + print Dumper(Net::OAuth->request("protected resource")->required_message_params); + + $VAR1 = [ + 'consumer_key', + 'signature_method', + 'timestamp', + 'nonce', + 'token' + ]; + +=head2 ACCESSING PARAMETERS + +All parameters can be get/set using accessor methods. E.g. + + my $consumer_key = $request->consumer_key; + $request->request_method('POST'); + +=head2 SIGNATURE METHODS + +The following signature methods are supported: + +=over + +=item * PLAINTEXT + +=item * HMAC-SHA1 + +=item * RSA-SHA1 + +=back + +The signature method is determined by the value of the signature_method parameter that is passed to the message constructor. + +If an unknown signature method is specified, the signing/verification will throw an exception. + +=head3 PLAINTEXT SIGNATURES + +This method is a trivial signature which adds no security. Not recommended. + +=head3 HMAC-SHA1 SIGNATURES + +This method is available if you have Digest::HMAC_SHA1 installed. This is by far the most commonly used method. + +=head3 RSA-SHA1 SIGNATURES + +To use RSA-SHA1 signatures, pass in a Crypt::OpenSSL::RSA object (or any object that can do $o->sign($str) and/or $o->verify($str, $sig)) + +E.g. + +Consumer: + + use Crypt::OpenSSL::RSA; + use File::Slurp; + $keystring = read_file('private_key.pem'); + $private_key = Crypt::OpenSSL::RSA->new_private_key($keystring); + $request = Net::OAuth->request('request token')->new(%params); + $request->sign($private_key); + +Service Provider: + + use Crypt::OpenSSL::RSA; + use File::Slurp; + $keystring = read_file('public_key.pem'); + $public_key = Crypt::OpenSSL::RSA->new_public_key($keystring); + $request = Net::OAuth->request('request token')->new(%params); + if (!$request->verify($public_key)) { + die "Signature verification failed"; + } + +Note that you can pass the key in as a parameter called 'signature_key' to the message constructor, rather than passing it to the sign/verify method, if you like. + +=head1 DEMO + +There is a demo Consumer CGI in this package, also available online at L + +=head1 SEE ALSO + +L + +=head1 AUTHOR + +Keith Grennan, C<< >> + +=head1 COPYRIGHT & LICENSE + +Copyright 2007 Keith Grennan, all rights reserved. + +This program is free software; you can redistribute it and/or modify it +under the same terms as Perl itself. + +=cut + +1;