package Catalyst::Authentication::Credential::OpenID;
-use base "Class::Accessor::Fast";
+use strict;
+use warnings;
+no warnings "uninitialized";
+use parent "Class::Accessor::Fast";
BEGIN {
__PACKAGE__->mk_accessors(qw/ _config realm debug secret /);
}
-use strict;
-use warnings;
-no warnings "uninitialized";
-
-our $VERSION = '0.01';
+our $VERSION = "0.04";
use Net::OpenID::Consumer;
use UNIVERSAL::require;
};
bless $self, $class;
- # 2.0 "SHOULD"
+ # 2.0 spec says "SHOULD" be named "openid_identifier."
$self->_config->{openid_field} ||= "openid_identifier";
$self->debug( $self->_config->{debug} );
$secret = substr($secret,0,255) if length $secret > 255;
$self->secret( $secret );
+ $self->_config->{ua_class} ||= "LWPx::ParanoidAgent";
eval {
- ( $self->_config->{ua_class} ||= "LWPx::ParanoidAgent" )->require;
+ $self->_config->{ua_class}->require;
}
- or Catalyst::Exception->throw("Could not 'require' user agent class " . $self->_config->{ua_class});
+ or Catalyst::Exception->throw("Could not 'require' user agent class " .
+ $self->_config->{ua_class});
$c->log->debug("Setting consumer secret: " . $secret) if $self->debug;
my $csr = Net::OpenID::Consumer->new(
ua => $self->_config->{ua_class}->new(%{$self->_config->{ua_args} || {}}),
args => $c->req->params,
- consumer_secret => sub { $self->secret },
+ consumer_secret => $self->secret,
);
if ( $claimed_uri )
$csr->err);
}
}
- else
- {
- return;
- }
+ return;
}
1;
__END__
-=pod
-
=head1 NAME
-Catalyst::Authentication::Credential::OpenID - OpenID credential for Catalyst::Authentication framework.
+Catalyst::Authentication::Credential::OpenID - OpenID credential for L<Catalyst::Plugin::Authentication> framework.
+
+=head1 VERSION
+
+0.04
=head1 SYNOPSIS
- # MyApp
+In MyApp.pm.
+
use Catalyst qw/
Authentication
Session
Session::State::Cookie
/;
- # MyApp.yaml --
+Somewhere in myapp.conf.
+
+ <Plugin::Authentication>
+ default_realm openid
+ <realms>
+ <openid>
+ <credential>
+ class OpenID
+ </credential>
+ ua_class LWPx::ParanoidAgent
+ </openid>
+ </realms>
+ </Plugin::Authentication>
+
+Or in your myapp.yml if you're using L<YAML> instead.
+
Plugin::Authentication:
default_realm: openid
realms:
openid:
credential:
class: OpenID
+ ua_class: LWPx::ParanoidAgent
- # Root::openid().
- sub openid : Local {
+In a controller, perhaps C<Root::openid>.
+
+ sub openid : Local {
my($self, $c) = @_;
if ( $c->authenticate() )
{
# Present OpenID form.
}
- }
+ }
- # openid.tt
- <form action="[% c.uri_for('/openid') %]" method="GET" name="openid">
- <input type="text" name="openid_identifier" class="openid" />
- <input type="submit" value="Sign in with OpenID" />
- </form>
+And a L<Template> to match in C<openid.tt>.
+ <form action="[% c.uri_for('/openid') %]" method="GET" name="openid">
+ <input type="text" name="openid_identifier" class="openid" />
+ <input type="submit" value="Sign in with OpenID" />
+ </form>
=head1 DESCRIPTION
the newish, at the time of this module's inception, realm-based
authentication in L<Catalyst::Plugin::Authentication>.
- * Catalyst::Plugin::Authentication::OpenID (first)
- * Catalyst::Plugin::Authentication::Credential::OpenID (second)
- * Catalyst::Authentication::Credential::OpenID (this, the third)
+ 1. Catalyst::Plugin::Authentication::OpenID
+ 2. Catalyst::Plugin::Authentication::Credential::OpenID
+ 3. Catalyst::Authentication::Credential::OpenID
The benefit of this version is that you can use an arbitrary number of
authentication systems in your L<Catalyst> application and configure
and call all of them in the same way.
-Note, both earlier versions of OpenID authentication use the method
+Note that both earlier versions of OpenID authentication use the method
C<authenticate_openid()>. This module uses C<authenticate()> and
relies on you to specify the realm. You can specify the realm as the
default in the configuration or inline with each
=over 4
-=item * Catalyst::Authentication::Credential::OpenID->new()
-
-You will never call this. Catalyst does it for you. The only important
-thing you might like to know about it is that it merges its realm
-configuration with its configuration proper. If this doesn't mean
-anything to you, don't worry.
-
-=item * $c->authenticate({},"your_openid_realm");
+=item $c->authenticate({},"your_openid_realm");
Call to authenticate the user via OpenID. Returns false if
authorization is unsuccessful. Sets the user into the session and
my $claimed_uri = $c->req->params->{openid_identifier};
$c->authenticate({openid_identifier => $claimed_uri});
-=back
+=item Catalyst::Authentication::Credential::OpenID->new()
+You will never call this. Catalyst does it for you. The only important
+thing you might like to know about it is that it merges its realm
+configuration with its configuration proper. If this doesn't mean
+anything to you, don't worry.
+
+=back
=head2 USER METHODS
Currently the only supported user class is L<Catalyst::Plugin::Authentication::User::Hash>.
-=over 8
+=over 4
-=item url
+=item $c->user->url
-=item display
+=item $c->user->display
-=item rss
+=item $c->user->rss
-=item atom
+=item $c->user->atom
-=item foaf
+=item $c->user->foaf
-=item declared_rss
+=item $c->user->declared_rss
-=item declared_atom
+=item $c->user->declared_atom
-=item declared_foaf
+=item $c->user->declared_foaf
-=item foafmaker
+=item $c->user->foafmaker
=back
}
},
openid => {
+ consumer_secret => "Don't bother setting",
ua_class => "LWPx::ParanoidAgent",
ua_args => {
whitelisted_hosts => [qw/ 127.0.0.1 localhost /],
},
);
-And now, the same configuration in YAML.
+This is the same configuration in the default L<Catalyst> configuration format from L<Config::General>.
+
+ name MyApp
+ <Plugin::Authentication>
+ default_realm members
+ <realms>
+ <members>
+ <store>
+ class Minimal
+ <users>
+ <paco>
+ password l4s4v3n7ur45
+ </paco>
+ </users>
+ </store>
+ <credential>
+ password_field password
+ password_type clear
+ class Password
+ </credential>
+ </members>
+ <openid>
+ <ua_args>
+ whitelisted_hosts 127.0.0.1
+ whitelisted_hosts localhost
+ </ua_args>
+ consumer_secret Don't bother setting
+ ua_class LWPx::ParanoidAgent
+ <credential>
+ <store>
+ class OpenID
+ </store>
+ class OpenID
+ </credential>
+ </openid>
+ </realms>
+ </Plugin::Authentication>
+
+And now, the same configuration in L<YAML>. B<NB>: L<YAML> is whitespace sensitive.
name: MyApp
Plugin::Authentication:
class: OpenID
store:
class: OpenID
+ consumer_secret: Don't bother setting
ua_class: LWPx::ParanoidAgent
ua_args:
whitelisted_hosts:
- localhost
B<NB>: There is no OpenID store yet. Trying for next release.
-L<LWPx::ParanoidAgent> is the default agent. You don't have to set it.
-I recommend that you do B<not> override it. You can with any well
-behaved L<LWP::UserAgent>. You probably should not.
+
+=head2 MORE ON CONFIGURATION
+
+These are set in your realm. See above.
+
+=over 4
+
+=item ua_args and ua_class
+
+L<LWPx::ParanoidAgent> is the default agent -- C<ua_class>. You don't
+have to set it. I recommend that you do B<not> override it. You can
+with any well behaved L<LWP::UserAgent>. You probably should not.
L<LWPx::ParanoidAgent> buys you many defenses and extra security
checks. When you allow your application users freedom to initiate
external requests, you open a big avenue for DoS (denial of service)
attacks. L<LWPx::ParanoidAgent> defends against this.
L<LWP::UserAgent> and any regular subclass of it will not.
+=item consumer_secret
+
+The underlying L<Net::OpenID::Consumer> object is seeded with a
+secret. If it's important to you to set your own, you can. The default
+uses this package name + its version + the sorted configuration keys
+of your Catalyst application (chopped at 255 characters if it's
+longer). This should generally be superior to any fixed string.
+
+=back
=head1 TODO
Debug statements need to be both expanded and limited via realm
configuration.
-Better diagnostics in errors.
+Better diagnostics in errors. Debug info at all consumer calls.
+Roles from provider domains? Mapped? Direct? A generic "openid" auto_role?
+
+=head1 THANKS
+
+To Benjamin Trott (L<Catalyst::Plugin::Authentication::OpenID>), Tatsuhiko Miyagawa (L<Catalyst::Plugin::Authentication::Credential::OpenID>), and Brad Fitzpatrick for the great OpenID stuff and to Jay Kuri and everyone else who has made Catalyst such a wonderful framework.
=head1 LICENSE AND COPYRIGHT
This module is free software; you can redistribute it and modify it
under the same terms as Perl itself. See L<perlartistic>.
-
=head1 DISCLAIMER OF WARRANTY
Because this software is licensed free of charge, there is no warranty
such holder or other party has been advised of the possibility of
such damages.
-=head1 THANKS
+=head1 SEE ALSO
-To Benjamin Trott, Tatsuhiko Miyagawa, and Brad Fitzpatrick for the
-great OpenID stuff and to Jay Kuri and everyone else who has made
-Catalyst such a wonderful framework.
+=over 4
-=head1 SEE ALSO
+=item OpenID
+
+L<Net::OpenID::Server>, L<Net::OpenID::VerifiedIdentity>,
+L<Net::OpenID::Consumer>, L<http://openid.net/>, and L<http://openid.net/developers/specs/>.
+
+=item Catalyst Authentication
-L<Catalyst>, L<Catalyst::Plugin::Authentication>,
-L<Net::OpenID::Consumer>, and L<LWPx::ParanoidAgent>.
+L<Catalyst>, L<Catalyst::Plugin::Authentication>, L<Catalyst::Manual::Tutorial::Authorization>, and L<Catalyst::Manual::Tutorial::Authentication>.
-=head2 RELATED
+=item Catalyst Configuraiton
-L<Net::OpenID::Server>, L<http://openid.net/>, and L<http://openid.net/developers/specs/>.
+L<Catalyst::Plugin::ConfigLoader>, L<Config::General>, and L<YAML>.
-L<Catalyst::Plugin::Authentication::OpenID> (Benjamin Trott) and L<Catalyst::Plugin::Authentication::Credential::OpenID> (Tatsuhiko Miyagawa).
+=item Miscellaneous
+
+L<Catalyst::Manual::Tutorial>, L<Template>, L<LWPx::ParanoidAgent>.
+
+=back
=cut