
blib/lib/CatalystX/OAuth2.pm
package CatalystX::OAuth2;
use Moose::Role;

# ABSTRACT: OAuth2 services for Catalyst

# Shared role for the per-request OAuth2 objects.  The consuming class must
# supply the builder for query_parameters; this role holds the common
# attributes and, in BUILD below, flags any request parameter it does not
# recognise as an invalid_request error.
requires '_build_query_parameters';

# spec isn't clear re missing endpoint uris, so redirect_uri is accepted but
# never demanded at construction time.
has redirect_uri => ( is => 'ro', required => 0 );

# Backing store; must consume the CatalystX::OAuth2::Store role.
# init_arg => undef keeps it out of the constructor arguments, so it can only
# be attached afterwards through the rw accessor -- check has_store first.
has store => (
    is        => 'rw',
    does      => 'CatalystX::OAuth2::Store',
    init_arg  => undef,
    predicate => 'has_store'
);

# Not a constructor argument; built on first access by the consumer's
# _build_query_parameters (required above).  BUILD overwrites it with an
# error hashref when the request carries unrecognised parameters.
has query_parameters => ( is => 'rw', init_arg => undef, lazy_build => 1 );
20              
# Request parameter names this role understands.  BUILD strips these from
# the constructor arguments; anything left over is reported as unrecognised.
sub _params {
    return qw(response_type redirect_uri scope state client_id);
}
22              
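# Moose BUILD hook: runs after attribute initialisation with the original
# constructor arguments in $args.  Every parameter this role knows about
# (see _params) is removed from $args; if anything remains, the request is
# marked as an OAuth2 invalid_request by overwriting query_parameters with
# an error hashref naming the unrecognised parameters.
#
# Note that $args is mutated in place -- the known keys are deleted from the
# hashref the caller passed in.
sub BUILD {
    my ( $self, $args ) = @_;
    $args = {} unless defined $args;    # tolerate a bare construction

    delete @{$args}{ $self->_params() };

    # Sorted so error_description is deterministic (Perl randomises hash
    # order per process), which keeps logs and tests stable.  The names are
    # echoed back from the request verbatim; presumably the code that
    # renders query_parameters encodes them for the response -- TODO confirm
    # against the consuming action roles.
    my @extra = sort keys %{$args};
    if (@extra) {
        $self->query_parameters(
            {   error             => 'invalid_request',
                error_description => 'unrecognized parameters: '
                    . join( ', ', @extra ),
            }
        );
    }

    return;
}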
35              
36              
1;    # a module must end with a true value for require/use to succeed
38              
39             __END__
40              
41             =pod
42              
43             =head1 NAME
44              
45             CatalystX::OAuth2 - OAuth2 services for Catalyst
46              
47             =head1 VERSION
48              
49             version 0.001007
50              
51             =head1 SYNOPSIS
52              
53             package AuthServer::Controller::OAuth2::Provider;
54             use Moose;
55             BEGIN { extends 'Catalyst::Controller::ActionRole' }
56              
57             with 'CatalystX::OAuth2::Controller::Role::Provider';
58              
59             __PACKAGE__->config(
60             store => {
61             class => 'DBIC',
62             client_model => 'DB::Client'
63             }
64             );
65              
66             sub request : Chained('/') Args(0) Does('OAuth2::RequestAuth') {}
67              
68             sub grant : Chained('/') Args(0) Does('OAuth2::GrantAuth') {
69             my ( $self, $c ) = @_;
70              
71             my $oauth2 = $c->req->oauth2;
72              
73             $c->user_exists and $oauth2->user_is_valid(1)
74             or $c->detach('/passthrulogin');
75             }
76              
77             sub token : Chained('/') Args(0) Does('OAuth2::AuthToken::ViaAuthGrant') {}
78              
79             sub refresh : Chained('/') Args(0) Does('OAuth2::AuthToken::ViaRefreshToken') {}
80              
81             1;
82              
83             =head1 DESCRIPTION
84              
85             This module implements the authorization grant subset of the L<oauth 2 ietf
86             spec draft|http://tools.ietf.org/html/draft-ietf-oauth-v2-23>. Action roles
87             containing an implementation of each required endpoint in the specification
88             are provided and should be applied to a L<Catalyst::Controller::ActionRole>.
89             The authorization grant flow is defined by the specification as follows:
90              
    +--------+                                           +---------------+
    |        |--(A)------- Authorization Grant --------->|               |
    |        |                                           |               |
    |        |<-(B)----------- Access Token -------------|               |
    |        |               & Refresh Token             |               |
    |        |                                           |               |
    |        |                            +----------+   |               |
    |        |--(C)---- Access Token ---->|          |   |               |
    |        |                            |          |   |               |
    |        |<-(D)- Protected Resource --| Resource |   | Authorization |
    | Client |                            |  Server  |   |     Server    |
    |        |--(E)---- Access Token ---->|          |   |               |
    |        |                            |          |   |               |
    |        |<-(F)- Invalid Token Error -|          |   |               |
    |        |                            +----------+   |               |
    |        |                                           |               |
    |        |--(G)----------- Refresh Token ----------->|               |
    |        |                                           |               |
    |        |<-(H)----------- Access Token -------------|               |
    +--------+           & Optional Refresh Token        +---------------+
111              
112             The action roles should be applied to actions in a single controller, and no
113             more than one action of each role type should be present.
114              
115             Here is an overview of what roles are involved in each of those phases:
116              
117             =over
118              
119             =item A - L<Catalyst::ActionRole::OAuth2::RequestAuth>
120              
121             Required
122              
This is the action where the authorization grant flow begins; it validates
and sanitizes the request parameters and generates an authorization code which
is used for issuing a valid request to the GrantAuth action via a redirect.
The authorization code is only generated if all parameters are well-formed and
valid; this ensures that requests to the GrantAuth action can trust the
request parameters if a valid authorization code is presented.
129              
130             =item B - L<Catalyst::ActionRole::OAuth2::GrantAuth>
131              
132             Required
133              
This action checks the request parameters for a valid authorization code,
which should have been generated by a previous request to a RequestAuth
action. This action should be customized to confirm with the end-user
whether they wish to grant the requested authorization to the requesting
client/app. The user-agent is redirected automatically to the correct endpoint
if the authorization is granted.
140              
141             =item C and D - L<Catalyst::ActionRole::OAuth2::AuthToken::ViaAuthGrant>
142              
143             Required
144              
145             This action exchanges a valid authorization grant code and responds with an
146             authorization token.
147              
148             =item G and H - L<Catalyst::ActionRole::OAuth2::AuthToken::ViaRefreshToken>
149              
150             Optional
151              
152             This action exchanges a valid refresh token for a new access token and refresh
153             token.
154              
155             =back
156              
157             =head1 CONFIGURATION
158              
159             =head2 store
160              
161             Takes a hashref containing two keys:
162              
163             =over
164              
165             =item class
166              
The store type to use; so far, only DBIC support is provided.
168              
169             =item client_model
170              
171             The entity representing the client in your schema
172              
173             =back
174              
175             =head1 SPONSORSHIP
176              
177             This module exists due to the wonderful people at Suretec Systems Ltd.
178             <http://www.suretecsystems.com/> who sponsored its development for its
179             VoIP division called SureVoIP <http://www.surevoip.co.uk/> for use with
180             the SureVoIP API -
181             <http://www.surevoip.co.uk/support/wiki/api_documentation>
182              
183             =head1 AUTHOR
184              
185             Eden Cardim <edencardim@gmail.com>
186              
187             =head1 COPYRIGHT AND LICENSE
188              
189             This software is copyright (c) 2017 by Suretec Systems Ltd.
190              
191             This is free software; you can redistribute it and/or modify it under
192             the same terms as the Perl 5 programming language system itself.
193              
194             =cut