line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Mojolicious::Plugin::OAuth2::Server; |
2
|
|
|
|
|
|
|
|
3
|
|
|
|
|
|
|
=head1 NAME |
4
|
|
|
|
|
|
|
|
5
|
|
|
|
|
|
|
Mojolicious::Plugin::OAuth2::Server - Easier implementation of an OAuth2 |
6
|
|
|
|
|
|
|
Authorization Server / Resource Server with Mojolicious |
7
|
|
|
|
|
|
|
|
8
|
|
|
|
|
|
|
=for html |
9
|
|
|
|
|
|
|
|
10
|
|
|
|
|
|
|
|
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
=head1 VERSION |
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
0.49 |
15
|
|
|
|
|
|
|
|
16
|
|
|
|
|
|
|
=head1 SYNOPSIS |
17
|
|
|
|
|
|
|
|
18
|
|
|
|
|
|
|
use Mojolicious::Lite; |
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
plugin 'OAuth2::Server' => { |
21
|
|
|
|
|
|
|
... # see SYNOPSIS in Net::OAuth2::AuthorizationServer::Manual |
22
|
|
|
|
|
|
|
}; |
23
|
|
|
|
|
|
|
|
24
|
|
|
|
|
|
|
group { |
25
|
|
|
|
|
|
|
# /api - must be authorized |
26
|
|
|
|
|
|
|
under '/api' => sub { |
27
|
|
|
|
|
|
|
my ( $c ) = @_; |
28
|
|
|
|
|
|
|
|
29
|
|
|
|
|
|
|
return 1 if $c->oauth; # must be authorized via oauth |
30
|
|
|
|
|
|
|
|
31
|
|
|
|
|
|
|
$c->render( status => 401, text => 'Unauthorized' ); |
32
|
|
|
|
|
|
|
return undef; |
33
|
|
|
|
|
|
|
}; |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
any '/annoy_friends' => sub { shift->render( text => "Annoyed Friends" ); }; |
36
|
|
|
|
|
|
|
any '/post_image' => sub { shift->render( text => "Posted Image" ); }; |
37
|
|
|
|
|
|
|
}; |
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
any '/track_location' => sub { |
40
|
|
|
|
|
|
|
my ( $c ) = @_; |
41
|
|
|
|
|
|
|
|
42
|
|
|
|
|
|
|
my $oauth_details = $c->oauth( 'track_location' ) |
43
|
|
|
|
|
|
|
|| return $c->render( status => 401, text => 'You cannot track location' ); |
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
$c->render( text => "Target acquired: @{[$oauth_details->{user_id}]}" ); |
46
|
|
|
|
|
|
|
}; |
47
|
|
|
|
|
|
|
|
48
|
|
|
|
|
|
|
app->start; |
49
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
Or full fat app: |
51
|
|
|
|
|
|
|
|
52
|
|
|
|
|
|
|
use Mojo::Base 'Mojolicious'; |
53
|
|
|
|
|
|
|
|
54
|
|
|
|
|
|
|
... |
55
|
|
|
|
|
|
|
|
56
|
|
|
|
|
|
|
sub startup { |
57
|
|
|
|
|
|
|
my $self = shift; |
58
|
|
|
|
|
|
|
|
59
|
|
|
|
|
|
|
... |
60
|
|
|
|
|
|
|
|
61
|
|
|
|
|
|
|
$self->plugin( 'OAuth2::Server' => $oauth2_auth_code_grant_config ); |
62
|
|
|
|
|
|
|
} |
63
|
|
|
|
|
|
|
|
64
|
|
|
|
|
|
|
Then in your controller: |
65
|
|
|
|
|
|
|
|
66
|
|
|
|
|
|
|
sub my_route_name { |
67
|
|
|
|
|
|
|
my ( $c ) = @_; |
68
|
|
|
|
|
|
|
|
69
|
|
|
|
|
|
|
if ( my $oauth_details = $c->oauth( qw/required scopes/ ) ) { |
70
|
|
|
|
|
|
|
... # do something, user_id, client_id, etc, available in $oauth_details |
71
|
|
|
|
|
|
|
} else { |
72
|
|
|
|
|
|
|
return $c->render( status => 401, text => 'Unauthorized' ); |
73
|
|
|
|
|
|
|
} |
74
|
|
|
|
|
|
|
|
75
|
|
|
|
|
|
|
... |
76
|
|
|
|
|
|
|
} |
77
|
|
|
|
|
|
|
|
78
|
|
|
|
|
|
|
=head1 DESCRIPTION |
79
|
|
|
|
|
|
|
|
80
|
|
|
|
|
|
|
This plugin implements the various OAuth2 grant types flow as described at |
81
|
|
|
|
|
|
|
L. It is a complete implementation of |
82
|
|
|
|
|
|
|
RFC6749, with the exception of the "Extension Grants" as the description of |
83
|
|
|
|
|
|
|
that grant type is rather hand-wavy. |
84
|
|
|
|
|
|
|
|
85
|
|
|
|
|
|
|
The bulk of the functionality is implemented in the L |
86
|
|
|
|
|
|
|
distribution, you should see that for more comprehensive documentation and |
87
|
|
|
|
|
|
|
examples of usage. |
88
|
|
|
|
|
|
|
|
89
|
|
|
|
|
|
|
The examples here use the "Authorization Code Grant" flow as that is considered |
90
|
|
|
|
|
|
|
the most secure and most complete form of OAuth2. |
91
|
|
|
|
|
|
|
|
92
|
|
|
|
|
|
|
=cut |
93
|
|
|
|
|
|
|
|
94
|
21
|
|
|
21
|
|
54123
|
use strict; |
|
21
|
|
|
|
|
42
|
|
|
21
|
|
|
|
|
555
|
|
95
|
21
|
|
|
21
|
|
95
|
use warnings; |
|
21
|
|
|
|
|
38
|
|
|
21
|
|
|
|
|
526
|
|
96
|
21
|
|
|
21
|
|
93
|
use base qw/ Mojolicious::Plugin /; |
|
21
|
|
|
|
|
37
|
|
|
21
|
|
|
|
|
1944
|
|
97
|
|
|
|
|
|
|
|
98
|
21
|
|
|
21
|
|
126
|
use Mojo::URL; |
|
21
|
|
|
|
|
38
|
|
|
21
|
|
|
|
|
199
|
|
99
|
21
|
|
|
21
|
|
580
|
use Mojo::Parameters; |
|
21
|
|
|
|
|
36
|
|
|
21
|
|
|
|
|
141
|
|
100
|
21
|
|
|
21
|
|
602
|
use Mojo::Util qw/ b64_decode url_unescape /; |
|
21
|
|
|
|
|
45
|
|
|
21
|
|
|
|
|
1129
|
|
101
|
21
|
|
|
21
|
|
7838
|
use Net::OAuth2::AuthorizationServer; |
|
21
|
|
|
|
|
8407095
|
|
|
21
|
|
|
|
|
712
|
|
102
|
21
|
|
|
21
|
|
194
|
use Carp qw/ croak /; |
|
21
|
|
|
|
|
50
|
|
|
21
|
|
|
|
|
42602
|
|
103
|
|
|
|
|
|
|
|
104
|
|
|
|
|
|
|
our $VERSION = '0.49'; |
105
|
|
|
|
|
|
|
|
106
|
|
|
|
|
|
|
my ( $AuthCodeGrant,$PasswordGrant,$ImplicitGrant,$ClientCredentialsGrant,$Grant,$JWTCallback ); |
107
|
|
|
|
|
|
|
|
108
|
|
|
|
|
|
|
=head1 METHODS |
109
|
|
|
|
|
|
|
|
110
|
|
|
|
|
|
|
=head2 register |
111
|
|
|
|
|
|
|
|
112
|
|
|
|
|
|
|
Registers the plugin with your app - note that you must pass callbacks for |
113
|
|
|
|
|
|
|
certain functions that the plugin expects to call if you are not using the |
114
|
|
|
|
|
|
|
plugin in its simplest form. |
115
|
|
|
|
|
|
|
|
116
|
|
|
|
|
|
|
$self->register($app, \%config); |
117
|
|
|
|
|
|
|
|
118
|
|
|
|
|
|
|
Registering the plugin will call the L |
119
|
|
|
|
|
|
|
and create a C that can be accessed using the defined |
120
|
|
|
|
|
|
|
C and C. The arguments passed to the |
121
|
|
|
|
|
|
|
plugin are passed straight through to the C method in |
122
|
|
|
|
|
|
|
the L module. |
123
|
|
|
|
|
|
|
|
124
|
|
|
|
|
|
|
=head2 oauth |
125
|
|
|
|
|
|
|
|
126
|
|
|
|
|
|
|
Checks if there is a valid Authorization: Bearer header with a valid access |
127
|
|
|
|
|
|
|
token and if the access token has the requisite scopes. The scopes are optional: |
128
|
|
|
|
|
|
|
|
129
|
|
|
|
|
|
|
unless ( my $oauth_details = $c->oauth( @scopes ) ) { |
130
|
|
|
|
|
|
|
return $c->render( status => 401, text => 'Unauthorized' ); |
131
|
|
|
|
|
|
|
} |
132
|
|
|
|
|
|
|
|
133
|
|
|
|
|
|
|
This calls the L |
134
|
|
|
|
|
|
|
module (C method) to validate the access/refresh token. |
135
|
|
|
|
|
|
|
|
136
|
|
|
|
|
|
|
=head2 oauth2_auth_request |
137
|
|
|
|
|
|
|
|
138
|
|
|
|
|
|
|
This is a helper to allow you get get the redirect URI instead of directing |
139
|
|
|
|
|
|
|
a user to the authorize_route - it requires the details of the client: |
140
|
|
|
|
|
|
|
|
141
|
|
|
|
|
|
|
my $redirect_uri = $c->oauth2_auth_request({ |
142
|
|
|
|
|
|
|
client_id => $client_id, |
143
|
|
|
|
|
|
|
redirect_uri => 'https://foo', |
144
|
|
|
|
|
|
|
response_type => 'token', |
145
|
|
|
|
|
|
|
scope => 'list,of,scopes', |
146
|
|
|
|
|
|
|
state => 'foo=bar&baz=boz', |
147
|
|
|
|
|
|
|
}); |
148
|
|
|
|
|
|
|
|
149
|
|
|
|
|
|
|
if ( $redirect_uri ) { |
150
|
|
|
|
|
|
|
# do something with $redirect_uri |
151
|
|
|
|
|
|
|
} else { |
152
|
|
|
|
|
|
|
# something didn't work, e.g. bad client, scopes, etc |
153
|
|
|
|
|
|
|
} |
154
|
|
|
|
|
|
|
|
155
|
|
|
|
|
|
|
You can use this helper instead of directing a user to the authorize_route if |
156
|
|
|
|
|
|
|
you need to do something more involved with the redirect_uri rather than |
157
|
|
|
|
|
|
|
having the plugin direct to the user to the resulting redirect uri |
158
|
|
|
|
|
|
|
|
159
|
|
|
|
|
|
|
=cut |
160
|
|
|
|
|
|
|
|
161
|
|
|
|
|
|
|
my $warned_dep = 0; |
162
|
|
|
|
|
|
|
|
163
|
|
|
|
|
|
|
sub register { |
164
|
21
|
|
|
21
|
1
|
1371
|
my ( $self,$app,$config ) = @_; |
165
|
|
|
|
|
|
|
|
166
|
21
|
|
100
|
|
|
193
|
my $auth_route = $config->{authorize_route} // '/oauth/authorize'; |
167
|
21
|
|
100
|
|
|
103
|
my $atoken_route = $config->{access_token_route} // '/oauth/access_token'; |
168
|
|
|
|
|
|
|
|
169
|
21
|
50
|
66
|
|
|
106
|
if ( $config->{users} && ! $config->{jwt_secret} ) { |
170
|
0
|
|
|
|
|
0
|
croak "You MUST provide a jwt_secret to use the password grant (users supplied)"; |
171
|
|
|
|
|
|
|
} |
172
|
|
|
|
|
|
|
|
173
|
21
|
|
|
|
|
154
|
my $Server = Net::OAuth2::AuthorizationServer->new; |
174
|
|
|
|
|
|
|
|
175
|
|
|
|
|
|
|
# note that access_tokens and refresh_tokens will not be shared between |
176
|
|
|
|
|
|
|
# the various grant type objects, so if you need to support |
177
|
|
|
|
|
|
|
# both then you *must* either supply a jwt_secret or supply callbacks |
178
|
|
|
|
|
|
|
$AuthCodeGrant = $Server->auth_code_grant( |
179
|
147
|
|
100
|
|
|
542
|
( map { +"${_}_cb" => ( $config->{$_} // undef ) } qw/ |
180
|
|
|
|
|
|
|
verify_client store_auth_code verify_auth_code |
181
|
|
|
|
|
|
|
store_access_token verify_access_token |
182
|
|
|
|
|
|
|
login_resource_owner confirm_by_resource_owner |
183
|
|
|
|
|
|
|
/ ), |
184
|
21
|
|
|
|
|
691
|
%{ $config }, |
|
21
|
|
|
|
|
143
|
|
185
|
|
|
|
|
|
|
); |
186
|
|
|
|
|
|
|
|
187
|
|
|
|
|
|
|
$PasswordGrant = $Server->password_grant( |
188
|
120
|
|
100
|
|
|
767
|
( map { +"${_}_cb" => ( $config->{$_} // undef ) } qw/ |
189
|
|
|
|
|
|
|
verify_client verify_user_password |
190
|
|
|
|
|
|
|
store_access_token verify_access_token |
191
|
|
|
|
|
|
|
login_resource_owner confirm_by_resource_owner |
192
|
|
|
|
|
|
|
/ ), |
193
|
20
|
|
|
|
|
191516
|
%{ $config }, |
|
20
|
|
|
|
|
119
|
|
194
|
|
|
|
|
|
|
); |
195
|
|
|
|
|
|
|
|
196
|
|
|
|
|
|
|
$ImplicitGrant = $Server->implicit_grant( |
197
|
100
|
|
100
|
|
|
471
|
( map { +"${_}_cb" => ( $config->{$_} // undef ) } qw/ |
198
|
|
|
|
|
|
|
verify_client store_access_token verify_access_token |
199
|
|
|
|
|
|
|
login_resource_owner confirm_by_resource_owner |
200
|
|
|
|
|
|
|
/ ), |
201
|
20
|
|
|
|
|
140260
|
%{ $config }, |
|
20
|
|
|
|
|
117
|
|
202
|
|
|
|
|
|
|
); |
203
|
|
|
|
|
|
|
|
204
|
|
|
|
|
|
|
$ClientCredentialsGrant = $Server->client_credentials_grant( |
205
|
60
|
|
100
|
|
|
303
|
( map { +"${_}_cb" => ( $config->{$_} // undef ) } qw/ |
206
|
|
|
|
|
|
|
verify_client store_access_token verify_access_token |
207
|
|
|
|
|
|
|
/ ), |
208
|
20
|
|
|
|
|
122670
|
%{ $config }, |
|
20
|
|
|
|
|
117
|
|
209
|
|
|
|
|
|
|
); |
210
|
|
|
|
|
|
|
|
211
|
20
|
|
|
|
|
131682
|
$JWTCallback = $config->{jwt_claims}; |
212
|
|
|
|
|
|
|
|
213
|
|
|
|
|
|
|
$app->routes->get( |
214
|
47
|
|
|
47
|
|
557422
|
$auth_route => sub { _authorization_request( @_ ) }, |
215
|
20
|
|
|
|
|
226
|
); |
216
|
|
|
|
|
|
|
|
217
|
|
|
|
|
|
|
$app->helper( oauth2_auth_request => sub { |
218
|
1
|
|
|
1
|
|
14599
|
my ( $c,$args ) = @_; |
219
|
1
|
|
|
|
|
4
|
_authorization_request( $c,$args,1 ); |
220
|
20
|
|
|
|
|
9895
|
} ); |
221
|
|
|
|
|
|
|
|
222
|
|
|
|
|
|
|
$app->routes->post( |
223
|
67
|
|
|
67
|
|
4621481
|
$atoken_route => sub { _access_token_request( @_ ) }, |
224
|
20
|
|
|
|
|
2741
|
); |
225
|
|
|
|
|
|
|
|
226
|
|
|
|
|
|
|
$app->helper( |
227
|
|
|
|
|
|
|
oauth => sub { |
228
|
100
|
|
|
100
|
|
4755274
|
my $c = shift; |
229
|
100
|
|
|
|
|
225
|
my @scopes = @_; |
230
|
100
|
|
66
|
|
|
279
|
$Grant ||= $AuthCodeGrant; |
231
|
100
|
|
|
|
|
435
|
my @res = $Grant->verify_token_and_scope( |
232
|
|
|
|
|
|
|
scopes => [ @scopes ], |
233
|
|
|
|
|
|
|
auth_header => $c->req->headers->header( 'Authorization' ), |
234
|
|
|
|
|
|
|
mojo_controller => $c, |
235
|
|
|
|
|
|
|
); |
236
|
|
|
|
|
|
|
|
237
|
100
|
|
|
|
|
17190
|
my $oauth_details = $res[0]; |
238
|
|
|
|
|
|
|
|
239
|
100
|
100
|
|
|
|
317
|
if ( ref( $oauth_details ) ) { |
240
|
32
|
|
66
|
|
|
124
|
$oauth_details->{client_id} ||= $oauth_details->{client}; |
241
|
|
|
|
|
|
|
} |
242
|
|
|
|
|
|
|
|
243
|
100
|
|
|
|
|
285
|
return $oauth_details; |
244
|
|
|
|
|
|
|
}, |
245
|
20
|
|
|
|
|
5807
|
); |
246
|
|
|
|
|
|
|
} |
247
|
|
|
|
|
|
|
|
248
|
|
|
|
|
|
|
sub _authorization_request { |
249
|
48
|
|
|
48
|
|
139
|
my ( $self,$args,$is_helper ) = @_; |
250
|
|
|
|
|
|
|
|
251
|
48
|
|
100
|
|
|
330
|
$args //= {}; |
252
|
|
|
|
|
|
|
|
253
|
48
|
|
100
|
|
|
247
|
my $client_id = $args->{client_id} // $self->param( 'client_id' ); |
254
|
48
|
|
100
|
|
|
19909
|
my $uri = $args->{redirect_uri} // $self->param( 'redirect_uri' ); |
255
|
48
|
|
100
|
|
|
2747
|
my $type = $args->{response_type} // $self->param( 'response_type' ); |
256
|
48
|
|
66
|
|
|
2517
|
my $scope = $args->{scope} // $self->param( 'scope' ); |
257
|
48
|
|
66
|
|
|
2628
|
my $state = $args->{state} // $self->param( 'state' ); |
258
|
48
|
|
100
|
|
|
2389
|
my $user_id = $args->{user_id} // undef; |
259
|
|
|
|
|
|
|
|
260
|
48
|
100
|
|
|
|
230
|
my @scopes = $scope ? split( / /,$scope ) : (); |
261
|
|
|
|
|
|
|
|
262
|
48
|
100
|
100
|
|
|
506
|
if ( |
|
|
|
66
|
|
|
|
|
263
|
|
|
|
|
|
|
! defined( $client_id ) |
264
|
|
|
|
|
|
|
or ! defined( $type ) |
265
|
|
|
|
|
|
|
or $type !~ /^(code|token)$/ |
266
|
|
|
|
|
|
|
) { |
267
|
12
|
|
|
|
|
87
|
$self->render( |
268
|
|
|
|
|
|
|
status => 400, |
269
|
|
|
|
|
|
|
json => { |
270
|
|
|
|
|
|
|
error => 'invalid_request', |
271
|
|
|
|
|
|
|
error_description => 'the request was missing one of: client_id, ' |
272
|
|
|
|
|
|
|
. 'response_type;' |
273
|
|
|
|
|
|
|
. 'or response_type did not equal "code" or "token"', |
274
|
|
|
|
|
|
|
error_uri => '', |
275
|
|
|
|
|
|
|
} |
276
|
|
|
|
|
|
|
); |
277
|
12
|
|
|
|
|
5909
|
return; |
278
|
|
|
|
|
|
|
} |
279
|
|
|
|
|
|
|
|
280
|
36
|
100
|
|
|
|
145
|
$Grant = $type eq 'token' ? $ImplicitGrant : $AuthCodeGrant; |
281
|
|
|
|
|
|
|
|
282
|
36
|
|
|
|
|
140
|
my $mojo_url = Mojo::URL->new( $uri ); |
283
|
36
|
|
|
|
|
2940
|
my ( $res,$error,$error_description ) = $Grant->verify_client( |
284
|
|
|
|
|
|
|
client_id => $client_id, |
285
|
|
|
|
|
|
|
redirect_uri => $uri, |
286
|
|
|
|
|
|
|
scopes => [ @scopes ], |
287
|
|
|
|
|
|
|
mojo_controller => $self, |
288
|
|
|
|
|
|
|
response_type => $type, |
289
|
|
|
|
|
|
|
); |
290
|
|
|
|
|
|
|
|
291
|
36
|
100
|
|
|
|
4026
|
if ( $res ) { |
292
|
|
|
|
|
|
|
|
293
|
19
|
100
|
|
|
|
107
|
if ( ! $Grant->login_resource_owner( |
294
|
|
|
|
|
|
|
mojo_controller => $self, |
295
|
|
|
|
|
|
|
client_id => $client_id, |
296
|
|
|
|
|
|
|
) ) { |
297
|
2
|
|
|
|
|
3248
|
$self->app->log->debug( "OAuth2::Server: Resource owner not logged in" ); |
298
|
|
|
|
|
|
|
# call to $resource_owner_logged_in method should have called redirect_to |
299
|
2
|
|
|
|
|
36
|
return; |
300
|
|
|
|
|
|
|
} else { |
301
|
17
|
|
|
|
|
436
|
$self->app->log->debug( "OAuth2::Server: Resource owner is logged in" ); |
302
|
17
|
|
|
|
|
331
|
$res = $Grant->confirm_by_resource_owner( |
303
|
|
|
|
|
|
|
client_id => $client_id, |
304
|
|
|
|
|
|
|
scopes => [ @scopes ], |
305
|
|
|
|
|
|
|
mojo_controller => $self, |
306
|
|
|
|
|
|
|
); |
307
|
17
|
100
|
|
|
|
996
|
if ( ! defined $res ) { |
|
|
100
|
|
|
|
|
|
308
|
1
|
|
|
|
|
6
|
$self->app->log->debug( "OAuth2::Server: Resource owner to confirm scopes" ); |
309
|
|
|
|
|
|
|
# call to $resource_owner_confirms method should have called redirect_to |
310
|
1
|
|
|
|
|
14
|
return; |
311
|
|
|
|
|
|
|
} |
312
|
|
|
|
|
|
|
elsif ( $res == 0 ) { |
313
|
1
|
|
|
|
|
4
|
$self->app->log->debug( "OAuth2::Server: Resource owner denied scopes" ); |
314
|
1
|
|
|
|
|
11
|
$error = 'access_denied'; |
315
|
1
|
|
50
|
|
|
10
|
$error_description //= 'resource owner denied access'; |
316
|
|
|
|
|
|
|
} |
317
|
|
|
|
|
|
|
} |
318
|
|
|
|
|
|
|
} |
319
|
|
|
|
|
|
|
|
320
|
33
|
100
|
|
|
|
112
|
if ( $res ) { |
|
|
50
|
|
|
|
|
|
321
|
|
|
|
|
|
|
|
322
|
15
|
100
|
|
|
|
79
|
return _maybe_generate_access_token( |
323
|
|
|
|
|
|
|
$self,$mojo_url,$client_id,[ @scopes ],$state,$is_helper,$user_id |
324
|
|
|
|
|
|
|
) if $type eq 'token'; # implicit grant |
325
|
|
|
|
|
|
|
|
326
|
12
|
|
|
|
|
55
|
$self->app->log->debug( "OAuth2::Server: Generating auth code for $client_id" ); |
327
|
12
|
|
|
|
|
200
|
my $auth_code = $Grant->token( |
328
|
|
|
|
|
|
|
client_id => $client_id, |
329
|
|
|
|
|
|
|
scopes => [ @scopes ], |
330
|
|
|
|
|
|
|
type => 'auth', |
331
|
|
|
|
|
|
|
redirect_uri => $uri, |
332
|
|
|
|
|
|
|
jwt_claims_cb => $JWTCallback, |
333
|
|
|
|
|
|
|
user_id => $user_id, |
334
|
|
|
|
|
|
|
); |
335
|
|
|
|
|
|
|
|
336
|
12
|
|
|
|
|
5021
|
$Grant->store_auth_code( |
337
|
|
|
|
|
|
|
auth_code => $auth_code, |
338
|
|
|
|
|
|
|
client_id => $client_id, |
339
|
|
|
|
|
|
|
expires_in => $Grant->auth_code_ttl, |
340
|
|
|
|
|
|
|
redirect_uri => $uri, |
341
|
|
|
|
|
|
|
scopes => [ @scopes ], |
342
|
|
|
|
|
|
|
mojo_controller => $self, |
343
|
|
|
|
|
|
|
); |
344
|
|
|
|
|
|
|
|
345
|
12
|
|
|
|
|
873
|
$mojo_url->query->append( code => $auth_code ); |
346
|
|
|
|
|
|
|
|
347
|
|
|
|
|
|
|
} elsif ( $error ) { |
348
|
18
|
|
|
|
|
54
|
$mojo_url->query->append( error => $error ); |
349
|
18
|
100
|
|
|
|
563
|
$mojo_url->query->append( error_description => $error_description ) if $error_description; |
350
|
|
|
|
|
|
|
} else { |
351
|
|
|
|
|
|
|
# callback has not returned anything, assume server error |
352
|
0
|
|
|
|
|
0
|
$mojo_url->query->append( |
353
|
|
|
|
|
|
|
error => 'server_error', |
354
|
|
|
|
|
|
|
error_description => 'call to verify_client returned unexpected value', |
355
|
|
|
|
|
|
|
); |
356
|
|
|
|
|
|
|
} |
357
|
|
|
|
|
|
|
|
358
|
30
|
100
|
|
|
|
557
|
$mojo_url->query->append( state => $state ) if defined( $state ); |
359
|
|
|
|
|
|
|
|
360
|
30
|
50
|
|
|
|
748
|
return $is_helper ? $mojo_url : $self->redirect_to( $mojo_url ); |
361
|
|
|
|
|
|
|
} |
362
|
|
|
|
|
|
|
|
363
|
|
|
|
|
|
|
sub _maybe_generate_access_token { |
364
|
3
|
|
|
3
|
|
10
|
my ( $self,$mojo_url,$client,$scope,$state,$is_helper,$user_id ) = @_; |
365
|
|
|
|
|
|
|
|
366
|
3
|
50
|
|
|
|
22
|
my $access_token_ttl = $Grant->can('get_access_token_ttl') |
367
|
|
|
|
|
|
|
? $Grant->get_access_token_ttl( |
368
|
|
|
|
|
|
|
scopes => $scope, |
369
|
|
|
|
|
|
|
client_id => $client, |
370
|
|
|
|
|
|
|
) |
371
|
|
|
|
|
|
|
: $Grant->access_token_ttl; |
372
|
|
|
|
|
|
|
|
373
|
3
|
|
|
|
|
38
|
my $access_token = $Grant->token( |
374
|
|
|
|
|
|
|
client_id => $client, |
375
|
|
|
|
|
|
|
scopes => $scope, |
376
|
|
|
|
|
|
|
type => 'access', |
377
|
|
|
|
|
|
|
jwt_claims_cb => $JWTCallback, |
378
|
|
|
|
|
|
|
user_id => $user_id, |
379
|
|
|
|
|
|
|
); |
380
|
|
|
|
|
|
|
|
381
|
3
|
|
|
|
|
1390
|
$Grant->store_access_token( |
382
|
|
|
|
|
|
|
client_id => $client, |
383
|
|
|
|
|
|
|
access_token => $access_token, |
384
|
|
|
|
|
|
|
expires_in => $access_token_ttl, |
385
|
|
|
|
|
|
|
scopes => $scope, |
386
|
|
|
|
|
|
|
mojo_controller => $self, |
387
|
|
|
|
|
|
|
); |
388
|
|
|
|
|
|
|
|
389
|
|
|
|
|
|
|
# http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA |
390
|
|
|
|
|
|
|
# &state=xyz&token_type=example&expires_in=3600 |
391
|
3
|
100
|
|
|
|
104
|
my $params = Mojo::Parameters->new( |
392
|
|
|
|
|
|
|
access_token => $access_token, |
393
|
|
|
|
|
|
|
token_type => 'bearer', |
394
|
|
|
|
|
|
|
expires_in => $access_token_ttl, |
395
|
|
|
|
|
|
|
( $state |
396
|
|
|
|
|
|
|
? ( state => $state ) |
397
|
|
|
|
|
|
|
: (), |
398
|
|
|
|
|
|
|
) |
399
|
|
|
|
|
|
|
); |
400
|
|
|
|
|
|
|
|
401
|
3
|
|
|
|
|
123
|
$mojo_url->fragment( url_unescape( $params->to_string ) ); |
402
|
3
|
100
|
|
|
|
977
|
return $is_helper ? $mojo_url : $self->redirect_to( $mojo_url ); |
403
|
|
|
|
|
|
|
} |
404
|
|
|
|
|
|
|
|
405
|
|
|
|
|
|
|
sub _access_token_request { |
406
|
67
|
|
|
67
|
|
161
|
my ( $self ) = @_; |
407
|
|
|
|
|
|
|
|
408
|
|
|
|
|
|
|
my ( |
409
|
|
|
|
|
|
|
$client_id,$client_secret,$grant_type,$auth_code,$uri, |
410
|
|
|
|
|
|
|
$refresh_token,$username,$password |
411
|
67
|
|
100
|
|
|
162
|
) = map { $self->param( $_ ) // undef } qw/ |
|
536
|
|
|
|
|
45921
|
|
412
|
|
|
|
|
|
|
client_id client_secret grant_type code redirect_uri |
413
|
|
|
|
|
|
|
refresh_token username password |
414
|
|
|
|
|
|
|
/; |
415
|
|
|
|
|
|
|
|
416
|
67
|
|
100
|
|
|
3331
|
$grant_type //=''; |
417
|
|
|
|
|
|
|
|
418
|
67
|
100
|
|
|
|
256
|
_access_token_request_check_params( |
419
|
|
|
|
|
|
|
$self,$grant_type,$username,$password,$auth_code,$uri |
420
|
|
|
|
|
|
|
) || return; |
421
|
|
|
|
|
|
|
|
422
|
42
|
|
|
|
|
103
|
my $json_response = {}; |
423
|
42
|
|
|
|
|
83
|
my $status = 400; |
424
|
|
|
|
|
|
|
|
425
|
42
|
100
|
|
|
|
167
|
$Grant = $grant_type eq 'password' |
|
|
100
|
|
|
|
|
|
426
|
|
|
|
|
|
|
? $PasswordGrant : $grant_type eq 'client_credentials' |
427
|
|
|
|
|
|
|
? $ClientCredentialsGrant : $AuthCodeGrant; |
428
|
|
|
|
|
|
|
|
429
|
42
|
|
|
|
|
163
|
my ( $client,$error,$scope,$user_id,$old_refresh_token,$error_description ) = _verify_credentials( |
430
|
|
|
|
|
|
|
$self,$Grant,$grant_type,$refresh_token,$client_id,$client_secret, |
431
|
|
|
|
|
|
|
$auth_code,$username,$password,$uri |
432
|
|
|
|
|
|
|
); |
433
|
|
|
|
|
|
|
|
434
|
42
|
100
|
|
|
|
145
|
if ( $client ) { |
|
|
50
|
|
|
|
|
|
435
|
|
|
|
|
|
|
|
436
|
22
|
50
|
|
|
|
180
|
$self->app->log->debug( "OAuth2::Server: Generating access token for @{[ ref $client ? $client->{client} : $client ]}" ); |
|
22
|
|
|
|
|
332
|
|
437
|
|
|
|
|
|
|
|
438
|
22
|
50
|
|
|
|
337
|
my $access_token_ttl = $Grant->can('get_access_token_ttl') |
439
|
|
|
|
|
|
|
? $Grant->get_access_token_ttl( |
440
|
|
|
|
|
|
|
scopes => $scope, |
441
|
|
|
|
|
|
|
client_id => $client_id, |
442
|
|
|
|
|
|
|
) |
443
|
|
|
|
|
|
|
: $Grant->access_token_ttl; |
444
|
|
|
|
|
|
|
|
445
|
22
|
|
|
|
|
332
|
my $access_token = $Grant->token( |
446
|
|
|
|
|
|
|
client_id => $client, |
447
|
|
|
|
|
|
|
scopes => $scope, |
448
|
|
|
|
|
|
|
type => 'access', |
449
|
|
|
|
|
|
|
user_id => $user_id, |
450
|
|
|
|
|
|
|
jwt_claims_cb => $JWTCallback, |
451
|
|
|
|
|
|
|
); |
452
|
|
|
|
|
|
|
|
453
|
22
|
|
|
|
|
7313
|
my $refresh_token = $Grant->token( |
454
|
|
|
|
|
|
|
client_id => $client, |
455
|
|
|
|
|
|
|
scopes => $scope, |
456
|
|
|
|
|
|
|
type => 'refresh', |
457
|
|
|
|
|
|
|
user_id => $user_id, |
458
|
|
|
|
|
|
|
jwt_claims_cb => $JWTCallback, |
459
|
|
|
|
|
|
|
); |
460
|
|
|
|
|
|
|
|
461
|
22
|
100
|
|
|
|
5444
|
$Grant->store_access_token( |
|
|
100
|
|
|
|
|
|
462
|
|
|
|
|
|
|
client_id => $client, |
463
|
|
|
|
|
|
|
( $grant_type ne 'password' ? ( auth_code => $auth_code ) : () ), |
464
|
|
|
|
|
|
|
access_token => $access_token, |
465
|
|
|
|
|
|
|
expires_in => $access_token_ttl, |
466
|
|
|
|
|
|
|
scopes => $scope, |
467
|
|
|
|
|
|
|
( $grant_type eq 'client_credentials' |
468
|
|
|
|
|
|
|
? () |
469
|
|
|
|
|
|
|
: ( |
470
|
|
|
|
|
|
|
refresh_token => $refresh_token, |
471
|
|
|
|
|
|
|
old_refresh_token => $old_refresh_token, |
472
|
|
|
|
|
|
|
) |
473
|
|
|
|
|
|
|
), |
474
|
|
|
|
|
|
|
mojo_controller => $self, |
475
|
|
|
|
|
|
|
); |
476
|
|
|
|
|
|
|
|
477
|
22
|
|
|
|
|
1555
|
$status = 200; |
478
|
|
|
|
|
|
|
$json_response = { |
479
|
|
|
|
|
|
|
# RFC6749 section 5.1 says that Access Token Response should include |
480
|
|
|
|
|
|
|
# the authorized scope when it does not match the requested scopes: |
481
|
|
|
|
|
|
|
# |
482
|
|
|
|
|
|
|
# OPTIONAL, if identical to the scope requested by the client; |
483
|
|
|
|
|
|
|
# otherwise, REQUIRED. The scope of the access token as |
484
|
|
|
|
|
|
|
# described by Section 3.3. |
485
|
|
|
|
|
|
|
( ! $old_refresh_token && $scope |
486
|
|
|
|
|
|
|
? ( scopes => ref( $scope ) eq 'HASH' |
487
|
22
|
100
|
66
|
|
|
269
|
? [ map { $_ } grep { $scope->{$_} } keys %{ $scope } ] |
|
2
|
100
|
|
|
|
17
|
|
|
4
|
100
|
|
|
|
10
|
|
|
2
|
|
|
|
|
8
|
|
488
|
|
|
|
|
|
|
: $scope ) |
489
|
|
|
|
|
|
|
: ()), |
490
|
|
|
|
|
|
|
|
491
|
|
|
|
|
|
|
access_token => $access_token, |
492
|
|
|
|
|
|
|
token_type => 'Bearer', |
493
|
|
|
|
|
|
|
expires_in => $access_token_ttl, |
494
|
|
|
|
|
|
|
( $grant_type eq 'client_credentials' |
495
|
|
|
|
|
|
|
? () |
496
|
|
|
|
|
|
|
: ( refresh_token => $refresh_token ), |
497
|
|
|
|
|
|
|
) |
498
|
|
|
|
|
|
|
}; |
499
|
|
|
|
|
|
|
|
500
|
|
|
|
|
|
|
} elsif ( $error ) { |
501
|
20
|
|
|
|
|
52
|
$json_response->{error} = $error; |
502
|
20
|
100
|
|
|
|
74
|
$json_response->{error_description} = $error_description if $error_description; |
503
|
|
|
|
|
|
|
} else { |
504
|
|
|
|
|
|
|
# callback has not returned anything, assume server error |
505
|
0
|
0
|
|
|
|
0
|
my $method = $grant_type eq 'password' |
|
|
0
|
|
|
|
|
|
506
|
|
|
|
|
|
|
? 'verify_user_password' : $grant_type eq 'client_credentials' |
507
|
|
|
|
|
|
|
? 'verify_client' : 'verify_auth_code'; |
508
|
|
|
|
|
|
|
|
509
|
0
|
|
|
|
|
0
|
$json_response = { |
510
|
|
|
|
|
|
|
error => 'server_error', |
511
|
|
|
|
|
|
|
error_description => "call to $method returned unexpected value", |
512
|
|
|
|
|
|
|
}; |
513
|
|
|
|
|
|
|
} |
514
|
|
|
|
|
|
|
|
515
|
42
|
|
|
|
|
180
|
$self->res->headers->header( 'Cache-Control' => 'no-store' ); |
516
|
42
|
|
|
|
|
1686
|
$self->res->headers->header( 'Pragma' => 'no-cache' ); |
517
|
|
|
|
|
|
|
|
518
|
42
|
|
|
|
|
1315
|
$self->render( |
519
|
|
|
|
|
|
|
status => $status, |
520
|
|
|
|
|
|
|
json => $json_response, |
521
|
|
|
|
|
|
|
); |
522
|
|
|
|
|
|
|
} |
523
|
|
|
|
|
|
|
|
524
|
|
|
|
|
|
|
sub _access_token_request_check_params { |
525
|
67
|
|
|
67
|
|
182
|
my ( $self,$grant_type,$username,$password,$auth_code,$uri ) = @_; |
526
|
|
|
|
|
|
|
|
527
|
67
|
100
|
100
|
|
|
721
|
if ( |
|
|
100
|
66
|
|
|
|
|
|
|
100
|
66
|
|
|
|
|
|
|
|
66
|
|
|
|
|
|
|
|
33
|
|
|
|
|
528
|
|
|
|
|
|
|
$grant_type eq 'password' |
529
|
|
|
|
|
|
|
) { |
530
|
7
|
0
|
33
|
|
|
19
|
if ( ! $username && ! $password ) { |
531
|
0
|
|
|
|
|
0
|
$self->render( |
532
|
|
|
|
|
|
|
status => 400, |
533
|
|
|
|
|
|
|
json => { |
534
|
|
|
|
|
|
|
error => 'invalid_request', |
535
|
|
|
|
|
|
|
error_description => 'the request was missing one of: ' |
536
|
|
|
|
|
|
|
. 'client_id, client_secret, username, password', |
537
|
|
|
|
|
|
|
error_uri => '', |
538
|
|
|
|
|
|
|
} |
539
|
|
|
|
|
|
|
); |
540
|
0
|
|
|
|
|
0
|
return 0; |
541
|
|
|
|
|
|
|
} |
542
|
|
|
|
|
|
|
} elsif ( |
543
|
|
|
|
|
|
|
$grant_type eq 'client_credentials' |
544
|
|
|
|
|
|
|
) { |
545
|
10
|
|
|
|
|
25
|
my ( $client_id,$client_secret ) = _client_credentials_from_header( $self ); |
546
|
|
|
|
|
|
|
|
547
|
10
|
100
|
66
|
|
|
159
|
if ( ! $client_id || ! $client_secret ) { |
548
|
7
|
|
|
|
|
35
|
$self->render( |
549
|
|
|
|
|
|
|
status => 400, |
550
|
|
|
|
|
|
|
json => { |
551
|
|
|
|
|
|
|
error => 'invalid_request', |
552
|
|
|
|
|
|
|
error_description => 'the request was missing an Authorization: Basic' |
553
|
|
|
|
|
|
|
. ' header or it was missing the encoded client_id:client_secret data', |
554
|
|
|
|
|
|
|
error_uri => '', |
555
|
|
|
|
|
|
|
} |
556
|
|
|
|
|
|
|
); |
557
|
7
|
|
|
|
|
2510
|
return 0; |
558
|
|
|
|
|
|
|
} |
559
|
|
|
|
|
|
|
} elsif ( |
560
|
|
|
|
|
|
|
( $grant_type ne 'authorization_code' and $grant_type ne 'refresh_token' ) |
561
|
|
|
|
|
|
|
or ( $grant_type eq 'authorization_code' and ! defined( $auth_code ) ) |
562
|
|
|
|
|
|
|
or ( $grant_type eq 'authorization_code' and ! defined( $uri ) ) |
563
|
|
|
|
|
|
|
) { |
564
|
18
|
|
|
|
|
124
|
$self->render( |
565
|
|
|
|
|
|
|
status => 400, |
566
|
|
|
|
|
|
|
json => { |
567
|
|
|
|
|
|
|
error => 'invalid_request', |
568
|
|
|
|
|
|
|
error_description => 'the request was missing one of: grant_type, ' |
569
|
|
|
|
|
|
|
. 'client_id, client_secret, code, redirect_uri;' |
570
|
|
|
|
|
|
|
. 'or grant_type did not equal "authorization_code" ' |
571
|
|
|
|
|
|
|
. 'or "refresh_token"', |
572
|
|
|
|
|
|
|
error_uri => '', |
573
|
|
|
|
|
|
|
} |
574
|
|
|
|
|
|
|
); |
575
|
18
|
|
|
|
|
7981
|
return 0; |
576
|
|
|
|
|
|
|
} |
577
|
|
|
|
|
|
|
|
578
|
42
|
|
|
|
|
134
|
return 1; |
579
|
|
|
|
|
|
|
} |
580
|
|
|
|
|
|
|
|
581
|
|
|
|
|
|
|
sub _client_credentials_from_header { |
582
|
13
|
|
|
13
|
|
22
|
my ( $self ) = @_; |
583
|
|
|
|
|
|
|
|
584
|
13
|
100
|
|
|
|
31
|
if ( my $auth_header = $self->req->headers->header( 'Authorization' ) ) { |
585
|
7
|
50
|
|
|
|
173
|
if ( my ( $encoded_details ) = ( split( 'Basic ',$auth_header ) )[1] ) { |
586
|
7
|
|
100
|
|
|
28
|
my $decoded_details = b64_decode( $encoded_details // '' ); |
587
|
7
|
|
|
|
|
23
|
my ( $client_id,$client_secret ) = split( ':',$decoded_details ); |
588
|
7
|
|
|
|
|
24
|
return ( $client_id,$client_secret ); |
589
|
|
|
|
|
|
|
} |
590
|
|
|
|
|
|
|
} |
591
|
|
|
|
|
|
|
} |
592
|
|
|
|
|
|
|
|
593
|
|
|
|
|
|
|
sub _verify_credentials { |
594
|
|
|
|
|
|
|
my ( |
595
|
42
|
|
|
42
|
|
159
|
$self,$Grant,$grant_type,$refresh_token,$client_id,$client_secret, |
596
|
|
|
|
|
|
|
$auth_code,$username,$password,$uri |
597
|
|
|
|
|
|
|
) = @_; |
598
|
|
|
|
|
|
|
|
599
|
42
|
|
|
|
|
93
|
my ( $client,$error,$scope,$user_id,$old_refresh_token,$error_description ); |
600
|
|
|
|
|
|
|
|
601
|
42
|
100
|
|
|
|
217
|
if ( $grant_type eq 'refresh_token' ) { |
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
602
|
9
|
|
|
|
|
40
|
( $client,$error,$scope,$user_id,$error_description ) = $Grant->verify_token_and_scope( |
603
|
|
|
|
|
|
|
refresh_token => $refresh_token, |
604
|
|
|
|
|
|
|
auth_header => $self->req->headers->header( 'Authorization' ), |
605
|
|
|
|
|
|
|
mojo_controller => $self, |
606
|
|
|
|
|
|
|
); |
607
|
9
|
|
|
|
|
1788
|
$old_refresh_token = $refresh_token; |
608
|
|
|
|
|
|
|
|
609
|
|
|
|
|
|
|
} elsif ( $grant_type eq 'password' ) { |
610
|
7
|
|
|
|
|
15
|
$scope = $self->every_param( 'scope' ); |
611
|
|
|
|
|
|
|
|
612
|
7
|
|
|
|
|
355
|
( $client,$error,$scope,$user_id,$error_description ) = $Grant->verify_user_password( |
613
|
|
|
|
|
|
|
client_id => $client_id, |
614
|
|
|
|
|
|
|
client_secret => $client_secret, |
615
|
|
|
|
|
|
|
username => $username, |
616
|
|
|
|
|
|
|
password => $password, |
617
|
|
|
|
|
|
|
mojo_controller => $self, |
618
|
|
|
|
|
|
|
scopes => $scope, |
619
|
|
|
|
|
|
|
); |
620
|
|
|
|
|
|
|
} elsif ( $grant_type eq 'client_credentials' ) { |
621
|
|
|
|
|
|
|
|
622
|
3
|
|
|
|
|
6
|
my $client_secret; |
623
|
|
|
|
|
|
|
|
624
|
3
|
|
|
|
|
9
|
( $client,$client_secret ) = _client_credentials_from_header( $self ); |
625
|
|
|
|
|
|
|
|
626
|
3
|
|
|
|
|
13
|
$scope = $self->every_param( 'scope' ); |
627
|
3
|
|
|
|
|
143
|
my $res; |
628
|
|
|
|
|
|
|
|
629
|
3
|
|
|
|
|
45
|
( $res,$error,$error_description ) = $Grant->verify_client( |
630
|
|
|
|
|
|
|
client_id => $client, |
631
|
|
|
|
|
|
|
client_secret => $client_secret, |
632
|
|
|
|
|
|
|
mojo_controller => $self, |
633
|
|
|
|
|
|
|
scopes => $scope, |
634
|
|
|
|
|
|
|
); |
635
|
|
|
|
|
|
|
|
636
|
3
|
100
|
|
|
|
545
|
undef( $client ) if ! $res; |
637
|
|
|
|
|
|
|
|
638
|
|
|
|
|
|
|
} else { |
639
|
23
|
|
|
|
|
171
|
( $client,$error,$scope,$user_id,$error_description ) = $Grant->verify_auth_code( |
640
|
|
|
|
|
|
|
client_id => $client_id, |
641
|
|
|
|
|
|
|
client_secret => $client_secret, |
642
|
|
|
|
|
|
|
auth_code => $auth_code, |
643
|
|
|
|
|
|
|
redirect_uri => $uri, |
644
|
|
|
|
|
|
|
mojo_controller => $self, |
645
|
|
|
|
|
|
|
); |
646
|
|
|
|
|
|
|
} |
647
|
|
|
|
|
|
|
|
648
|
|
|
|
|
|
|
$client = ! ref $client |
649
|
|
|
|
|
|
|
? $client |
650
|
42
|
100
|
66
|
|
|
3920
|
: ( $client->{client_id} || $client->{client} ); |
651
|
|
|
|
|
|
|
|
652
|
42
|
|
|
|
|
169
|
return ( $client,$error,$scope,$user_id,$old_refresh_token,$error_description ); |
653
|
|
|
|
|
|
|
} |
654
|
|
|
|
|
|
|
|
655
|
|
|
|
|
|
|
=head1 SEE ALSO |
656
|
|
|
|
|
|
|
|
657
|
|
|
|
|
|
|
L - The dist that handles the bulk of the |
658
|
|
|
|
|
|
|
functionality used by this plugin |
659
|
|
|
|
|
|
|
|
660
|
|
|
|
|
|
|
=head1 AUTHOR & CONTRIBUTORS |
661
|
|
|
|
|
|
|
|
662
|
|
|
|
|
|
|
Lee Johnson - C |
663
|
|
|
|
|
|
|
|
664
|
|
|
|
|
|
|
With contributions from: |
665
|
|
|
|
|
|
|
|
666
|
|
|
|
|
|
|
Nick Logan C |
667
|
|
|
|
|
|
|
|
668
|
|
|
|
|
|
|
Pierre VIGIER C |
669
|
|
|
|
|
|
|
|
670
|
|
|
|
|
|
|
Renee C |
671
|
|
|
|
|
|
|
|
672
|
|
|
|
|
|
|
=head1 LICENSE |
673
|
|
|
|
|
|
|
|
674
|
|
|
|
|
|
|
This library is free software; you can redistribute it and/or modify it under |
675
|
|
|
|
|
|
|
the same terms as Perl itself. If you would like to contribute documentation |
676
|
|
|
|
|
|
|
or file a bug report then please raise an issue / pull request: |
677
|
|
|
|
|
|
|
|
678
|
|
|
|
|
|
|
https://github.com/Humanstate/mojolicious-plugin-oauth2-server |
679
|
|
|
|
|
|
|
|
680
|
|
|
|
|
|
|
=cut |
681
|
|
|
|
|
|
|
|
682
|
|
|
|
|
|
|
1; |
683
|
|
|
|
|
|
|
|
684
|
|
|
|
|
|
|
# vim: ts=2:sw=2:et |