File Coverage

blib/lib/CatalystX/OAuth2.pm

Criterion	Covered	Total	%
statement	9	9	100.0
branch	2	2	100.0
condition			n/a
subroutine	3	3	100.0
pod	0	1	0.0
total	14	15	93.3

line	stmt	bran	sub	pod	time	code
1						package CatalystX::OAuth2;
2	8		8		4806	use Moose::Role;
	8				24
	8				68
3
4						# ABSTRACT: OAuth2 services for Catalyst
5
6
7						requires '_build_query_parameters';
8
9						# spec isn't clear re missing endpoint uris
10						has redirect_uri => ( is => 'ro', required => 0 );
11
12						has store => (
13						is => 'rw',
14						does => 'CatalystX::OAuth2::Store',
15						init_arg => undef,
16						predicate => 'has_store'
17						);
18
19						has query_parameters => ( is => 'rw', init_arg => undef, lazy_build => 1 );
20
21	27		27		222	sub _params {qw(response_type redirect_uri scope state client_id)}
22
23						sub BUILD {
24	27		27	0	47062	my ( $self, $args ) = @_;
25	27				161	delete @{$args}{ $self->_params() };
	27				138
26	27	100			266	if ( my @extra = keys %$args ) {
27	3				126	$self->query_parameters(
28						{ error => 'invalid_request',
29						error_description => 'unrecognized parameters: '
30						. join( ', ', @extra )
31						}
32						);
33						}
34						}
35
36
37						1;
38
39						__END__
40
41						=pod
42
43						=head1 NAME
44
45						CatalystX::OAuth2 - OAuth2 services for Catalyst
46
47						=head1 VERSION
48
49						version 0.001006
50
51						=head1 SYNOPSIS
52
53						package AuthServer::Controller::OAuth2::Provider;
54						use Moose;
55						BEGIN { extends 'Catalyst::Controller::ActionRole' }
56
57						with 'CatalystX::OAuth2::Controller::Role::Provider';
58
59						__PACKAGE__->config(
60						store => {
61						class => 'DBIC',
62						client_model => 'DB::Client'
63						}
64						);
65
66						sub request : Chained('/') Args(0) Does('OAuth2::RequestAuth') {}
67
68						sub grant : Chained('/') Args(0) Does('OAuth2::GrantAuth') {
69						my ( $self, $c ) = @_;
70
71						my $oauth2 = $c->req->oauth2;
72
73						$c->user_exists and $oauth2->user_is_valid(1)
74						or $c->detach('/passthrulogin');
75						}
76
77						sub token : Chained('/') Args(0) Does('OAuth2::AuthToken::ViaAuthGrant') {}
78
79						sub refresh : Chained('/') Args(0) Does('OAuth2::AuthToken::ViaRefreshToken') {}
80
81						1;
82
83						=head1 DESCRIPTION
84
85						This module implements the authorization grant subset of the L<oauth 2 ietf
86						spec draft\|http://tools.ietf.org/html/draft-ietf-oauth-v2-23>. Action roles
87						containing an implementation of each required endpoint in the specification
88						are provided and should be applied to a L<Catalyst::Controller::ActionRole>.
89						The authorization grant flow is defined by the specification as follows:
90
91						+--------+ +---------------+
92						\| \|--(A)------- Authorization Grant --------->\| \|
93						\| \| \| \|
94						\| \|<-(B)----------- Access Token -------------\| \|
95						\| \| & Refresh Token \| \|
96						\| \| \| \|
97						\| \| +----------+ \| \|
98						\| \|--(C)---- Access Token ---->\| \| \| \|
99						\| \| \| \| \| \|
100						\| \|<-(D)- Protected Resource --\| Resource \| \| Authorization \|
101						\| Client \| \| Server \| \| Server \|
102						\| \|--(E)---- Access Token ---->\| \| \| \|
103						\| \| \| \| \| \|
104						\| \|<-(F)- Invalid Token Error -\| \| \| \|
105						\| \| +----------+ \| \|
106						\| \| \| \|
107						\| \|--(G)----------- Refresh Token ----------->\| \|
108						\| \| \| \|
109						\| \|<-(H)----------- Access Token -------------\| \|
110						+--------+ & Optional Refresh Token +---------------+
111
112						The action roles should be applied to actions in a single controller, and no
113						more than one action of each role type should be present.
114
115						Here is an overview of what roles are involved in each of those phases:
116
117						=over
118
119						=item A - L<Catalyst::ActionRole::OAuth2::RequestAuth>
120
121						Required
122
123						This is the action where the authentication grant flow begins, it validades
124						and sanitizes the request parameters and generates an authorization code which
125						is used for issuing a valid request to the GrantAuth action via a redirect.
126						The authorization code is only generated if all parameters are well-formed and
127						valid, this ensures that requests to the GrantAuth action can trust the
128						request parameters if a valid authorization code is presented.
129
130						=item B - L<Catalyst::ActionRole::OAuth2::GrantAuth>
131
132						Required
133
134						This action checks the request parameters for a valid authorization code,
135						which should have been generated by a previous request to a RequestAuth
136						action. This action should be customized to somehow confirm with the end-user
137						if he wishes to effectively grant the authorization to the requesting
138						client/app. The user-agent is redirected automatically to the correct endpoint
139						if the authorization is granted.
140
141						=item C and D - L<Catalyst::ActionRole::OAuth2::AuthToken::ViaAuthGrant>
142
143						Required
144
145						This action exchanges a valid authorization grant code and responds with an
146						authorization token.
147
148						=item G and H - L<Catalyst::ActionRole::OAuth2::AuthToken::ViaRefreshToken>
149
150						Optional
151
152						This action exchanges a valid refresh token for a new access token and refresh
153						token.
154
155						=back
156
157						=head1 CONFIGURATION
158
159						=head2 store
160
161						Takes a hashref containing two keys:
162
163						=over
164
165						=item class
166
167						The store type to use, so far, only DBIC support is provided
168
169						=item client_model
170
171						The entity representing the client in your schema
172
173						=back
174
175						=head1 SPONSORSHIP
176
177						This module exists due to the wonderful people at Suretec Systems Ltd.
178						<http://www.suretecsystems.com/> who sponsored its development for its
179						VoIP division called SureVoIP <http://www.surevoip.co.uk/> for use with
180						the SureVoIP API -
181						<http://www.surevoip.co.uk/support/wiki/api_documentation>
182
183						=head1 AUTHOR
184
185						Eden Cardim <edencardim@gmail.com>
186
187						=head1 COPYRIGHT AND LICENSE
188
189						This software is copyright (c) 2017 by Suretec Systems Ltd.
190
191						This is free software; you can redistribute it and/or modify it under
192						the same terms as the Perl 5 programming language system itself.
193
194						=cut