1 package Catalyst::Authentication::Credential::OAuth;
3 use MooseX::Types::Moose qw/ Bool HashRef /;
4 use MooseX::Types::Common::String qw/ NonEmptySimpleStr /;
6 #$Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0A;
8 use HTTP::Request::Common;
9 use String::Random qw/ random_string /;
10 use Catalyst::Exception ();
11 use namespace::autoclean;
13 our $VERSION = '0.02';
15 has debug => ( is => 'ro', isa => Bool );
16 has providers => ( is => 'ro', isa => HashRef, required => 1 );
17 has ua => ( is => 'ro', lazy_build => 1, init_arg => undef, isa => 'LWP::UserAgent' );
20 my ($self, $config, $c, $realm) = @_;
27 $self->ua; # Ensure lazy value is built.
37 my ($self, $c, $realm, $auth_info) = @_;
39 Catalyst::Exception->throw( "Provider is not defined." )
40 unless defined $auth_info->{provider} || defined $self->providers->{ $auth_info->{provider} };
42 my $provider = $self->providers->{ $auth_info->{provider} };
44 for ( qw/ consumer_key consumer_secret request_token_endpoint access_token_endpoint user_auth_endpoint / ) {
45 Catalyst::Exception->throw( $_ . " is not defined for provider ". $auth_info->{provider} )
46 unless $provider->{$_};
50 consumer_key => $provider->{consumer_key},
51 consumer_secret => $provider->{consumer_secret},
53 nonce => random_string( 'ccccccccccccccccccc' ),
54 request_method => 'GET',
55 signature_method => 'HMAC-SHA1',
56 oauth_version => '1.0a',
57 callback => $c->uri_for( $c->action, $c->req->captures, @{ $c->req->args } )->as_string
60 $c->log_debug( "authenticate() called from " . $c->request->uri ) if $self->debug;
62 my $oauth_token = $c->req->method eq 'GET'
63 ? $c->req->query_params->{oauth_token}
64 : $c->req->body_params->{oauth_token};
68 my $response = Net::OAuth->response( 'user auth' )->from_hash( $c->req->params );
70 my $request = Net::OAuth->request( 'access token' )->new(
72 token => $response->token,
74 request_url => $provider->{access_token_endpoint},
78 my $ua_response = $self->ua->request( GET $request->to_url );
79 Catalyst::Exception->throw( $ua_response->status_line.' '.$ua_response->content )
80 unless $ua_response->is_success;
82 $response = Net::OAuth->response( 'access token' )->from_post_body( $ua_response->content );
85 token => $response->token,
86 token_secret => $response->token_secret,
87 extra_params => $response->extra_params
90 my $user_obj = $realm->find_user( $user, $c );
92 return $user_obj if ref $user_obj;
94 $c->log->debug( 'Verified OAuth identity failed' ) if $self->debug;
99 my $request = Net::OAuth->request( 'request token' )->new(
101 request_url => $provider->{request_token_endpoint}
105 my $ua_response = $self->ua->request( GET $request->to_url );
107 Catalyst::Exception->throw( $ua_response->status_line.' '.$ua_response->content )
108 unless $ua_response->is_success;
110 my $response = Net::OAuth->response( 'request token' )->from_post_body( $ua_response->content );
112 $request = Net::OAuth->request( 'user auth' )->new(
114 token => $response->token,
117 $c->res->redirect( $request->to_url( $provider->{user_auth_endpoint} ) );
131 Catalyst::Authentication::Credential::OAuth - OAuth credential for Catalyst::Plugin::Authentication framework.
144 Session::Store::FastMmap
145 Session::State::Cookie
151 <Plugin::Authentication>
159 consumer_key my_app_key
160 consumer_secret my_app_secret
161 request_token_endpoint http://example.com/oauth/request_token
162 access_token_endpoint http://example.com/oauth/access_token
163 user_auth_endpoint http://example.com/oauth/authorize
169 </Plugin::Authentication>
177 if( $c->authenticate( { provider => 'example.com' } ) ) {
178 #do something with $c->user
188 =item $c->user->token
190 =item $c->user->token_secret
192 =item $c->user->extra_params - whatever other params the provider sends back
198 Cosmin Budrica E<lt>cosmin@sinapticode.comE<gt>
200 Bogdan Lucaciu E<lt>bogdan@sinapticode.comE<gt>
202 With contributions from:
204 Tomas Doran E<lt>bobtfish@bobtfish.netE</gt>
209 Only tested with twitter
213 Copyright (c) 2009 Sinapticode. All rights reserved
215 This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.