line |
stmt |
bran |
cond |
sub |
pod |
time |
code |
1
|
|
|
|
|
|
|
package Mojolicious::Plugin::OAuth2::Server; |
2
|
|
|
|
|
|
|
|
3
|
|
|
|
|
|
|
=head1 NAME |
4
|
|
|
|
|
|
|
|
5
|
|
|
|
|
|
|
Mojolicious::Plugin::OAuth2::Server - Easier implementation of an OAuth2 |
6
|
|
|
|
|
|
|
Authorization Server / Resource Server with Mojolicious |
7
|
|
|
|
|
|
|
|
8
|
|
|
|
|
|
|
=for html |
9
|
|
|
|
|
|
|
|
10
|
|
|
|
|
|
|
|
11
|
|
|
|
|
|
|
|
12
|
|
|
|
|
|
|
=head1 VERSION |
13
|
|
|
|
|
|
|
|
14
|
|
|
|
|
|
|
0.51 |
15
|
|
|
|
|
|
|
|
16
|
|
|
|
|
|
|
=head1 SYNOPSIS |
17
|
|
|
|
|
|
|
|
18
|
|
|
|
|
|
|
use Mojolicious::Lite; |
19
|
|
|
|
|
|
|
|
20
|
|
|
|
|
|
|
plugin 'OAuth2::Server' => { |
21
|
|
|
|
|
|
|
... # see SYNOPSIS in Net::OAuth2::AuthorizationServer::Manual |
22
|
|
|
|
|
|
|
}; |
23
|
|
|
|
|
|
|
|
24
|
|
|
|
|
|
|
group { |
25
|
|
|
|
|
|
|
# /api - must be authorized |
26
|
|
|
|
|
|
|
under '/api' => sub { |
27
|
|
|
|
|
|
|
my ( $c ) = @_; |
28
|
|
|
|
|
|
|
|
29
|
|
|
|
|
|
|
return 1 if $c->oauth; # must be authorized via oauth |
30
|
|
|
|
|
|
|
|
31
|
|
|
|
|
|
|
$c->render( status => 401, text => 'Unauthorized' ); |
32
|
|
|
|
|
|
|
return undef; |
33
|
|
|
|
|
|
|
}; |
34
|
|
|
|
|
|
|
|
35
|
|
|
|
|
|
|
any '/annoy_friends' => sub { shift->render( text => "Annoyed Friends" ); }; |
36
|
|
|
|
|
|
|
any '/post_image' => sub { shift->render( text => "Posted Image" ); }; |
37
|
|
|
|
|
|
|
}; |
38
|
|
|
|
|
|
|
|
39
|
|
|
|
|
|
|
any '/track_location' => sub { |
40
|
|
|
|
|
|
|
my ( $c ) = @_; |
41
|
|
|
|
|
|
|
|
42
|
|
|
|
|
|
|
my $oauth_details = $c->oauth( 'track_location' ) |
43
|
|
|
|
|
|
|
|| return $c->render( status => 401, text => 'You cannot track location' ); |
44
|
|
|
|
|
|
|
|
45
|
|
|
|
|
|
|
$c->render( text => "Target acquired: @{[$oauth_details->{user_id}]}" ); |
46
|
|
|
|
|
|
|
}; |
47
|
|
|
|
|
|
|
|
48
|
|
|
|
|
|
|
app->start; |
49
|
|
|
|
|
|
|
|
50
|
|
|
|
|
|
|
Or full fat app: |
51
|
|
|
|
|
|
|
|
52
|
|
|
|
|
|
|
use Mojo::Base 'Mojolicious'; |
53
|
|
|
|
|
|
|
|
54
|
|
|
|
|
|
|
... |
55
|
|
|
|
|
|
|
|
56
|
|
|
|
|
|
|
sub startup { |
57
|
|
|
|
|
|
|
my $self = shift; |
58
|
|
|
|
|
|
|
|
59
|
|
|
|
|
|
|
... |
60
|
|
|
|
|
|
|
|
61
|
|
|
|
|
|
|
$self->plugin( 'OAuth2::Server' => $oauth2_auth_code_grant_config ); |
62
|
|
|
|
|
|
|
} |
63
|
|
|
|
|
|
|
|
64
|
|
|
|
|
|
|
Then in your controller: |
65
|
|
|
|
|
|
|
|
66
|
|
|
|
|
|
|
sub my_route_name { |
67
|
|
|
|
|
|
|
my ( $c ) = @_; |
68
|
|
|
|
|
|
|
|
69
|
|
|
|
|
|
|
if ( my $oauth_details = $c->oauth( qw/required scopes/ ) ) { |
70
|
|
|
|
|
|
|
... # do something, user_id, client_id, etc, available in $oauth_details |
71
|
|
|
|
|
|
|
} else { |
72
|
|
|
|
|
|
|
return $c->render( status => 401, text => 'Unauthorized' ); |
73
|
|
|
|
|
|
|
} |
74
|
|
|
|
|
|
|
|
75
|
|
|
|
|
|
|
... |
76
|
|
|
|
|
|
|
} |
77
|
|
|
|
|
|
|
|
78
|
|
|
|
|
|
|
=head1 DESCRIPTION |
79
|
|
|
|
|
|
|
|
80
|
|
|
|
|
|
|
This plugin implements the various OAuth2 grant types flow as described at |
81
|
|
|
|
|
|
|
L. It is a complete implementation of |
82
|
|
|
|
|
|
|
RFC6749, with the exception of the "Extension Grants" as the description of |
83
|
|
|
|
|
|
|
that grant type is rather hand-wavy. |
84
|
|
|
|
|
|
|
|
85
|
|
|
|
|
|
|
The bulk of the functionality is implemented in the L |
86
|
|
|
|
|
|
|
distribution, you should see that for more comprehensive documentation and |
87
|
|
|
|
|
|
|
examples of usage. |
88
|
|
|
|
|
|
|
|
89
|
|
|
|
|
|
|
The examples here use the "Authorization Code Grant" flow as that is considered |
90
|
|
|
|
|
|
|
the most secure and most complete form of OAuth2. |
91
|
|
|
|
|
|
|
|
92
|
|
|
|
|
|
|
=cut |
93
|
|
|
|
|
|
|
|
94
|
22
|
|
|
22
|
|
58495
|
use strict; |
|
22
|
|
|
|
|
44
|
|
|
22
|
|
|
|
|
608
|
|
95
|
22
|
|
|
22
|
|
101
|
use warnings; |
|
22
|
|
|
|
|
65
|
|
|
22
|
|
|
|
|
589
|
|
96
|
22
|
|
|
22
|
|
103
|
use base qw/ Mojolicious::Plugin /; |
|
22
|
|
|
|
|
41
|
|
|
22
|
|
|
|
|
2138
|
|
97
|
|
|
|
|
|
|
|
98
|
22
|
|
|
22
|
|
126
|
use Mojo::URL; |
|
22
|
|
|
|
|
42
|
|
|
22
|
|
|
|
|
210
|
|
99
|
22
|
|
|
22
|
|
637
|
use Mojo::Parameters; |
|
22
|
|
|
|
|
40
|
|
|
22
|
|
|
|
|
168
|
|
100
|
22
|
|
|
22
|
|
733
|
use Mojo::Util qw/ b64_decode url_unescape /; |
|
22
|
|
|
|
|
54
|
|
|
22
|
|
|
|
|
1266
|
|
101
|
22
|
|
|
22
|
|
8835
|
use Net::OAuth2::AuthorizationServer; |
|
22
|
|
|
|
|
8979757
|
|
|
22
|
|
|
|
|
756
|
|
102
|
22
|
|
|
22
|
|
213
|
use Carp qw/ croak /; |
|
22
|
|
|
|
|
59
|
|
|
22
|
|
|
|
|
47408
|
|
103
|
|
|
|
|
|
|
|
104
|
|
|
|
|
|
|
our $VERSION = '0.51'; |
105
|
|
|
|
|
|
|
|
106
|
|
|
|
|
|
|
my ( $AuthCodeGrant,$PasswordGrant,$ImplicitGrant,$ClientCredentialsGrant,$Grant,$JWTCallback ); |
107
|
|
|
|
|
|
|
|
108
|
|
|
|
|
|
|
=head1 METHODS |
109
|
|
|
|
|
|
|
|
110
|
|
|
|
|
|
|
=head2 register |
111
|
|
|
|
|
|
|
|
112
|
|
|
|
|
|
|
Registers the plugin with your app - note that you must pass callbacks for |
113
|
|
|
|
|
|
|
certain functions that the plugin expects to call if you are not using the |
114
|
|
|
|
|
|
|
plugin in its simplest form. |
115
|
|
|
|
|
|
|
|
116
|
|
|
|
|
|
|
$self->register($app, \%config); |
117
|
|
|
|
|
|
|
|
118
|
|
|
|
|
|
|
Registering the plugin will call the L |
119
|
|
|
|
|
|
|
and create a C that can be accessed using the defined |
120
|
|
|
|
|
|
|
C and C. The arguments passed to the |
121
|
|
|
|
|
|
|
plugin are passed straight through to the C method in |
122
|
|
|
|
|
|
|
the L module. |
123
|
|
|
|
|
|
|
|
124
|
|
|
|
|
|
|
=head2 oauth |
125
|
|
|
|
|
|
|
|
126
|
|
|
|
|
|
|
Checks if there is a valid Authorization: Bearer header with a valid access |
127
|
|
|
|
|
|
|
token and if the access token has the requisite scopes. The scopes are optional: |
128
|
|
|
|
|
|
|
|
129
|
|
|
|
|
|
|
unless ( my $oauth_details = $c->oauth( @scopes ) ) { |
130
|
|
|
|
|
|
|
return $c->render( status => 401, text => 'Unauthorized' ); |
131
|
|
|
|
|
|
|
} |
132
|
|
|
|
|
|
|
|
133
|
|
|
|
|
|
|
This calls the L |
134
|
|
|
|
|
|
|
module (C method) to validate the access/refresh token. |
135
|
|
|
|
|
|
|
|
136
|
|
|
|
|
|
|
=head2 oauth2_auth_request |
137
|
|
|
|
|
|
|
|
138
|
|
|
|
|
|
|
This is a helper to allow you get get the redirect URI instead of directing |
139
|
|
|
|
|
|
|
a user to the authorize_route - it requires the details of the client: |
140
|
|
|
|
|
|
|
|
141
|
|
|
|
|
|
|
my $redirect_uri = $c->oauth2_auth_request({ |
142
|
|
|
|
|
|
|
client_id => $client_id, |
143
|
|
|
|
|
|
|
redirect_uri => 'https://foo', |
144
|
|
|
|
|
|
|
response_type => 'token', |
145
|
|
|
|
|
|
|
scope => 'list,of,scopes', |
146
|
|
|
|
|
|
|
state => 'foo=bar&baz=boz', |
147
|
|
|
|
|
|
|
}); |
148
|
|
|
|
|
|
|
|
149
|
|
|
|
|
|
|
if ( $redirect_uri ) { |
150
|
|
|
|
|
|
|
# do something with $redirect_uri |
151
|
|
|
|
|
|
|
} else { |
152
|
|
|
|
|
|
|
# something didn't work, e.g. bad client, scopes, etc |
153
|
|
|
|
|
|
|
} |
154
|
|
|
|
|
|
|
|
155
|
|
|
|
|
|
|
You can use this helper instead of directing a user to the authorize_route if |
156
|
|
|
|
|
|
|
you need to do something more involved with the redirect_uri rather than |
157
|
|
|
|
|
|
|
having the plugin direct to the user to the resulting redirect uri |
158
|
|
|
|
|
|
|
|
159
|
|
|
|
|
|
|
=cut |
160
|
|
|
|
|
|
|
|
161
|
|
|
|
|
|
|
my $warned_dep = 0; |
162
|
|
|
|
|
|
|
|
163
|
|
|
|
|
|
|
sub register { |
164
|
22
|
|
|
22
|
1
|
1561
|
my ( $self,$app,$config ) = @_; |
165
|
|
|
|
|
|
|
|
166
|
22
|
|
100
|
|
|
165
|
my $auth_route = $config->{authorize_route} // '/oauth/authorize'; |
167
|
22
|
|
100
|
|
|
116
|
my $atoken_route = $config->{access_token_route} // '/oauth/access_token'; |
168
|
|
|
|
|
|
|
|
169
|
22
|
50
|
66
|
|
|
109
|
if ( $config->{users} && ! $config->{jwt_secret} ) { |
170
|
0
|
|
|
|
|
0
|
croak "You MUST provide a jwt_secret to use the password grant (users supplied)"; |
171
|
|
|
|
|
|
|
} |
172
|
|
|
|
|
|
|
|
173
|
22
|
|
|
|
|
163
|
my $Server = Net::OAuth2::AuthorizationServer->new; |
174
|
|
|
|
|
|
|
|
175
|
|
|
|
|
|
|
# note that access_tokens and refresh_tokens will not be shared between |
176
|
|
|
|
|
|
|
# the various grant type objects, so if you need to support |
177
|
|
|
|
|
|
|
# both then you *must* either supply a jwt_secret or supply callbacks |
178
|
|
|
|
|
|
|
$AuthCodeGrant = $Server->auth_code_grant( |
179
|
154
|
|
100
|
|
|
645
|
( map { +"${_}_cb" => ( $config->{$_} // undef ) } qw/ |
180
|
|
|
|
|
|
|
verify_client store_auth_code verify_auth_code |
181
|
|
|
|
|
|
|
store_access_token verify_access_token |
182
|
|
|
|
|
|
|
login_resource_owner confirm_by_resource_owner |
183
|
|
|
|
|
|
|
/ ), |
184
|
22
|
|
|
|
|
715
|
%{ $config }, |
|
22
|
|
|
|
|
156
|
|
185
|
|
|
|
|
|
|
); |
186
|
|
|
|
|
|
|
|
187
|
|
|
|
|
|
|
$PasswordGrant = $Server->password_grant( |
188
|
126
|
|
100
|
|
|
842
|
( map { +"${_}_cb" => ( $config->{$_} // undef ) } qw/ |
189
|
|
|
|
|
|
|
verify_client verify_user_password |
190
|
|
|
|
|
|
|
store_access_token verify_access_token |
191
|
|
|
|
|
|
|
login_resource_owner confirm_by_resource_owner |
192
|
|
|
|
|
|
|
/ ), |
193
|
21
|
|
|
|
|
207555
|
%{ $config }, |
|
21
|
|
|
|
|
138
|
|
194
|
|
|
|
|
|
|
); |
195
|
|
|
|
|
|
|
|
196
|
|
|
|
|
|
|
$ImplicitGrant = $Server->implicit_grant( |
197
|
105
|
|
100
|
|
|
538
|
( map { +"${_}_cb" => ( $config->{$_} // undef ) } qw/ |
198
|
|
|
|
|
|
|
verify_client store_access_token verify_access_token |
199
|
|
|
|
|
|
|
login_resource_owner confirm_by_resource_owner |
200
|
|
|
|
|
|
|
/ ), |
201
|
21
|
|
|
|
|
153107
|
%{ $config }, |
|
21
|
|
|
|
|
144
|
|
202
|
|
|
|
|
|
|
); |
203
|
|
|
|
|
|
|
|
204
|
|
|
|
|
|
|
$ClientCredentialsGrant = $Server->client_credentials_grant( |
205
|
63
|
|
100
|
|
|
336
|
( map { +"${_}_cb" => ( $config->{$_} // undef ) } qw/ |
206
|
|
|
|
|
|
|
verify_client store_access_token verify_access_token |
207
|
|
|
|
|
|
|
/ ), |
208
|
21
|
|
|
|
|
133732
|
%{ $config }, |
|
21
|
|
|
|
|
140
|
|
209
|
|
|
|
|
|
|
); |
210
|
|
|
|
|
|
|
|
211
|
21
|
|
|
|
|
142998
|
$JWTCallback = $config->{jwt_claims}; |
212
|
|
|
|
|
|
|
|
213
|
|
|
|
|
|
|
$app->routes->get( |
214
|
47
|
|
|
47
|
|
591525
|
$auth_route => sub { _authorization_request( @_ ) }, |
215
|
21
|
|
|
|
|
271
|
); |
216
|
|
|
|
|
|
|
|
217
|
|
|
|
|
|
|
$app->helper( oauth2_auth_request => sub { |
218
|
1
|
|
|
1
|
|
14652
|
my ( $c,$args ) = @_; |
219
|
1
|
|
|
|
|
3
|
_authorization_request( $c,$args,1 ); |
220
|
21
|
|
|
|
|
10701
|
} ); |
221
|
|
|
|
|
|
|
|
222
|
|
|
|
|
|
|
$app->routes->post( |
223
|
72
|
|
|
72
|
|
4737908
|
$atoken_route => sub { _access_token_request( @_ ) }, |
224
|
21
|
|
|
|
|
2937
|
); |
225
|
|
|
|
|
|
|
|
226
|
|
|
|
|
|
|
$app->helper( |
227
|
|
|
|
|
|
|
oauth => sub { |
228
|
105
|
|
|
105
|
|
4894262
|
my $c = shift; |
229
|
105
|
|
|
|
|
261
|
my @scopes = @_; |
230
|
105
|
|
66
|
|
|
360
|
$Grant ||= $AuthCodeGrant; |
231
|
105
|
|
|
|
|
521
|
my @res = $Grant->verify_token_and_scope( |
232
|
|
|
|
|
|
|
scopes => [ @scopes ], |
233
|
|
|
|
|
|
|
auth_header => $c->req->headers->header( 'Authorization' ), |
234
|
|
|
|
|
|
|
mojo_controller => $c, |
235
|
|
|
|
|
|
|
); |
236
|
|
|
|
|
|
|
|
237
|
105
|
|
|
|
|
20923
|
my $oauth_details = $res[0]; |
238
|
|
|
|
|
|
|
|
239
|
105
|
100
|
|
|
|
336
|
if ( ref( $oauth_details ) ) { |
240
|
34
|
|
66
|
|
|
163
|
$oauth_details->{client_id} ||= $oauth_details->{client}; |
241
|
|
|
|
|
|
|
} |
242
|
|
|
|
|
|
|
|
243
|
105
|
|
|
|
|
321
|
return $oauth_details; |
244
|
|
|
|
|
|
|
}, |
245
|
21
|
|
|
|
|
6268
|
); |
246
|
|
|
|
|
|
|
} |
247
|
|
|
|
|
|
|
|
248
|
|
|
|
|
|
|
sub _authorization_request { |
249
|
48
|
|
|
48
|
|
143
|
my ( $self,$args,$is_helper ) = @_; |
250
|
|
|
|
|
|
|
|
251
|
48
|
|
100
|
|
|
336
|
$args //= {}; |
252
|
|
|
|
|
|
|
|
253
|
48
|
|
100
|
|
|
253
|
my $client_id = $args->{client_id} // $self->param( 'client_id' ); |
254
|
48
|
|
100
|
|
|
20331
|
my $uri = $args->{redirect_uri} // $self->param( 'redirect_uri' ); |
255
|
48
|
|
100
|
|
|
2841
|
my $type = $args->{response_type} // $self->param( 'response_type' ); |
256
|
48
|
|
66
|
|
|
2597
|
my $scope = $args->{scope} // $self->param( 'scope' ); |
257
|
48
|
|
66
|
|
|
2637
|
my $state = $args->{state} // $self->param( 'state' ); |
258
|
48
|
|
100
|
|
|
2416
|
my $user_id = $args->{user_id} // undef; |
259
|
|
|
|
|
|
|
|
260
|
48
|
100
|
|
|
|
229
|
my @scopes = $scope ? split( / /,$scope ) : (); |
261
|
|
|
|
|
|
|
|
262
|
48
|
100
|
100
|
|
|
536
|
if ( |
|
|
|
66
|
|
|
|
|
263
|
|
|
|
|
|
|
! defined( $client_id ) |
264
|
|
|
|
|
|
|
or ! defined( $type ) |
265
|
|
|
|
|
|
|
or $type !~ /^(code|token)$/ |
266
|
|
|
|
|
|
|
) { |
267
|
12
|
|
|
|
|
126
|
$self->render( |
268
|
|
|
|
|
|
|
status => 400, |
269
|
|
|
|
|
|
|
json => { |
270
|
|
|
|
|
|
|
error => 'invalid_request', |
271
|
|
|
|
|
|
|
error_description => 'the request was missing one of: client_id, ' |
272
|
|
|
|
|
|
|
. 'response_type;' |
273
|
|
|
|
|
|
|
. 'or response_type did not equal "code" or "token"', |
274
|
|
|
|
|
|
|
error_uri => '', |
275
|
|
|
|
|
|
|
} |
276
|
|
|
|
|
|
|
); |
277
|
12
|
|
|
|
|
6498
|
return; |
278
|
|
|
|
|
|
|
} |
279
|
|
|
|
|
|
|
|
280
|
36
|
100
|
|
|
|
144
|
$Grant = $type eq 'token' ? $ImplicitGrant : $AuthCodeGrant; |
281
|
|
|
|
|
|
|
|
282
|
36
|
|
|
|
|
144
|
my $mojo_url = Mojo::URL->new( $uri ); |
283
|
36
|
|
|
|
|
3314
|
my ( $res,$error,$error_description ) = $Grant->verify_client( |
284
|
|
|
|
|
|
|
client_id => $client_id, |
285
|
|
|
|
|
|
|
redirect_uri => $uri, |
286
|
|
|
|
|
|
|
scopes => [ @scopes ], |
287
|
|
|
|
|
|
|
mojo_controller => $self, |
288
|
|
|
|
|
|
|
response_type => $type, |
289
|
|
|
|
|
|
|
); |
290
|
|
|
|
|
|
|
|
291
|
36
|
100
|
|
|
|
5205
|
if ( $res ) { |
292
|
|
|
|
|
|
|
|
293
|
19
|
100
|
|
|
|
131
|
if ( ! $Grant->login_resource_owner( |
294
|
|
|
|
|
|
|
mojo_controller => $self, |
295
|
|
|
|
|
|
|
client_id => $client_id, |
296
|
|
|
|
|
|
|
) ) { |
297
|
2
|
|
|
|
|
3363
|
$self->app->log->debug( "OAuth2::Server: Resource owner not logged in" ); |
298
|
|
|
|
|
|
|
# call to $resource_owner_logged_in method should have called redirect_to |
299
|
2
|
|
|
|
|
38
|
return; |
300
|
|
|
|
|
|
|
} else { |
301
|
17
|
|
|
|
|
425
|
$self->app->log->debug( "OAuth2::Server: Resource owner is logged in" ); |
302
|
17
|
|
|
|
|
346
|
$res = $Grant->confirm_by_resource_owner( |
303
|
|
|
|
|
|
|
client_id => $client_id, |
304
|
|
|
|
|
|
|
scopes => [ @scopes ], |
305
|
|
|
|
|
|
|
mojo_controller => $self, |
306
|
|
|
|
|
|
|
); |
307
|
17
|
100
|
|
|
|
900
|
if ( ! defined $res ) { |
|
|
100
|
|
|
|
|
|
308
|
1
|
|
|
|
|
4
|
$self->app->log->debug( "OAuth2::Server: Resource owner to confirm scopes" ); |
309
|
|
|
|
|
|
|
# call to $resource_owner_confirms method should have called redirect_to |
310
|
1
|
|
|
|
|
14
|
return; |
311
|
|
|
|
|
|
|
} |
312
|
|
|
|
|
|
|
elsif ( $res == 0 ) { |
313
|
1
|
|
|
|
|
18
|
$self->app->log->debug( "OAuth2::Server: Resource owner denied scopes" ); |
314
|
1
|
|
|
|
|
12
|
$error = 'access_denied'; |
315
|
1
|
|
50
|
|
|
5
|
$error_description //= 'resource owner denied access'; |
316
|
|
|
|
|
|
|
} |
317
|
|
|
|
|
|
|
} |
318
|
|
|
|
|
|
|
} |
319
|
|
|
|
|
|
|
|
320
|
33
|
100
|
|
|
|
116
|
if ( $res ) { |
|
|
50
|
|
|
|
|
|
321
|
|
|
|
|
|
|
|
322
|
15
|
100
|
|
|
|
81
|
return _maybe_generate_access_token( |
323
|
|
|
|
|
|
|
$self,$mojo_url,$client_id,[ @scopes ],$state,$is_helper,$user_id |
324
|
|
|
|
|
|
|
) if $type eq 'token'; # implicit grant |
325
|
|
|
|
|
|
|
|
326
|
12
|
|
|
|
|
40
|
$self->app->log->debug( "OAuth2::Server: Generating auth code for $client_id" ); |
327
|
12
|
|
|
|
|
217
|
my $auth_code = $Grant->token( |
328
|
|
|
|
|
|
|
client_id => $client_id, |
329
|
|
|
|
|
|
|
scopes => [ @scopes ], |
330
|
|
|
|
|
|
|
type => 'auth', |
331
|
|
|
|
|
|
|
redirect_uri => $uri, |
332
|
|
|
|
|
|
|
jwt_claims_cb => $JWTCallback, |
333
|
|
|
|
|
|
|
user_id => $user_id, |
334
|
|
|
|
|
|
|
); |
335
|
|
|
|
|
|
|
|
336
|
12
|
|
|
|
|
5080
|
$Grant->store_auth_code( |
337
|
|
|
|
|
|
|
auth_code => $auth_code, |
338
|
|
|
|
|
|
|
client_id => $client_id, |
339
|
|
|
|
|
|
|
expires_in => $Grant->auth_code_ttl, |
340
|
|
|
|
|
|
|
redirect_uri => $uri, |
341
|
|
|
|
|
|
|
scopes => [ @scopes ], |
342
|
|
|
|
|
|
|
mojo_controller => $self, |
343
|
|
|
|
|
|
|
); |
344
|
|
|
|
|
|
|
|
345
|
12
|
|
|
|
|
810
|
$mojo_url->query->append( code => $auth_code ); |
346
|
|
|
|
|
|
|
|
347
|
|
|
|
|
|
|
} elsif ( $error ) { |
348
|
18
|
|
|
|
|
70
|
$mojo_url->query->append( error => $error ); |
349
|
18
|
100
|
|
|
|
581
|
$mojo_url->query->append( error_description => $error_description ) if $error_description; |
350
|
|
|
|
|
|
|
} else { |
351
|
|
|
|
|
|
|
# callback has not returned anything, assume server error |
352
|
0
|
|
|
|
|
0
|
$mojo_url->query->append( |
353
|
|
|
|
|
|
|
error => 'server_error', |
354
|
|
|
|
|
|
|
error_description => 'call to verify_client returned unexpected value', |
355
|
|
|
|
|
|
|
); |
356
|
|
|
|
|
|
|
} |
357
|
|
|
|
|
|
|
|
358
|
30
|
100
|
|
|
|
574
|
$mojo_url->query->append( state => $state ) if defined( $state ); |
359
|
|
|
|
|
|
|
|
360
|
30
|
50
|
|
|
|
794
|
return $is_helper ? $mojo_url : $self->redirect_to( $mojo_url ); |
361
|
|
|
|
|
|
|
} |
362
|
|
|
|
|
|
|
|
363
|
|
|
|
|
|
|
sub _maybe_generate_access_token { |
364
|
3
|
|
|
3
|
|
9
|
my ( $self,$mojo_url,$client,$scope,$state,$is_helper,$user_id ) = @_; |
365
|
|
|
|
|
|
|
|
366
|
3
|
50
|
|
|
|
25
|
my $access_token_ttl = $Grant->can('get_access_token_ttl') |
367
|
|
|
|
|
|
|
? $Grant->get_access_token_ttl( |
368
|
|
|
|
|
|
|
scopes => $scope, |
369
|
|
|
|
|
|
|
client_id => $client, |
370
|
|
|
|
|
|
|
) |
371
|
|
|
|
|
|
|
: $Grant->access_token_ttl; |
372
|
|
|
|
|
|
|
|
373
|
3
|
|
|
|
|
40
|
my $access_token = $Grant->token( |
374
|
|
|
|
|
|
|
client_id => $client, |
375
|
|
|
|
|
|
|
scopes => $scope, |
376
|
|
|
|
|
|
|
type => 'access', |
377
|
|
|
|
|
|
|
jwt_claims_cb => $JWTCallback, |
378
|
|
|
|
|
|
|
user_id => $user_id, |
379
|
|
|
|
|
|
|
); |
380
|
|
|
|
|
|
|
|
381
|
3
|
|
|
|
|
1506
|
$Grant->store_access_token( |
382
|
|
|
|
|
|
|
client_id => $client, |
383
|
|
|
|
|
|
|
access_token => $access_token, |
384
|
|
|
|
|
|
|
expires_in => $access_token_ttl, |
385
|
|
|
|
|
|
|
scopes => $scope, |
386
|
|
|
|
|
|
|
mojo_controller => $self, |
387
|
|
|
|
|
|
|
); |
388
|
|
|
|
|
|
|
|
389
|
|
|
|
|
|
|
# http://example.com/cb#access_token=2YotnFZFEjr1zCsicMWpAA |
390
|
|
|
|
|
|
|
# &state=xyz&token_type=example&expires_in=3600 |
391
|
3
|
100
|
|
|
|
111
|
my $params = Mojo::Parameters->new( |
392
|
|
|
|
|
|
|
access_token => $access_token, |
393
|
|
|
|
|
|
|
token_type => 'bearer', |
394
|
|
|
|
|
|
|
expires_in => $access_token_ttl, |
395
|
|
|
|
|
|
|
( $state |
396
|
|
|
|
|
|
|
? ( state => $state ) |
397
|
|
|
|
|
|
|
: (), |
398
|
|
|
|
|
|
|
) |
399
|
|
|
|
|
|
|
); |
400
|
|
|
|
|
|
|
|
401
|
3
|
|
|
|
|
143
|
$mojo_url->fragment( url_unescape( $params->to_string ) ); |
402
|
3
|
100
|
|
|
|
1035
|
return $is_helper ? $mojo_url : $self->redirect_to( $mojo_url ); |
403
|
|
|
|
|
|
|
} |
404
|
|
|
|
|
|
|
|
405
|
|
|
|
|
|
|
sub _access_token_request { |
406
|
72
|
|
|
72
|
|
189
|
my ( $self ) = @_; |
407
|
|
|
|
|
|
|
|
408
|
|
|
|
|
|
|
my ( |
409
|
|
|
|
|
|
|
$client_id,$client_secret,$grant_type,$auth_code,$uri, |
410
|
|
|
|
|
|
|
$refresh_token,$username,$password |
411
|
72
|
|
100
|
|
|
204
|
) = map { $self->param( $_ ) // undef } qw/ |
|
576
|
|
|
|
|
49812
|
|
412
|
|
|
|
|
|
|
client_id client_secret grant_type code redirect_uri |
413
|
|
|
|
|
|
|
refresh_token username password |
414
|
|
|
|
|
|
|
/; |
415
|
|
|
|
|
|
|
|
416
|
72
|
|
100
|
|
|
3776
|
$grant_type //=''; |
417
|
|
|
|
|
|
|
|
418
|
72
|
100
|
|
|
|
318
|
_access_token_request_check_params( |
419
|
|
|
|
|
|
|
$self,$grant_type,$username,$password,$auth_code,$uri |
420
|
|
|
|
|
|
|
) || return; |
421
|
|
|
|
|
|
|
|
422
|
51
|
|
|
|
|
120
|
my $json_response = {}; |
423
|
51
|
|
|
|
|
93
|
my $status = 400; |
424
|
|
|
|
|
|
|
|
425
|
51
|
100
|
|
|
|
208
|
$Grant = $grant_type eq 'password' |
|
|
100
|
|
|
|
|
|
426
|
|
|
|
|
|
|
? $PasswordGrant : $grant_type eq 'client_credentials' |
427
|
|
|
|
|
|
|
? $ClientCredentialsGrant : $AuthCodeGrant; |
428
|
|
|
|
|
|
|
|
429
|
51
|
|
|
|
|
242
|
my ( $client,$error,$scope,$user_id,$old_refresh_token,$error_description ) = _verify_credentials( |
430
|
|
|
|
|
|
|
$self,$Grant,$grant_type,$refresh_token,$client_id,$client_secret, |
431
|
|
|
|
|
|
|
$auth_code,$username,$password,$uri |
432
|
|
|
|
|
|
|
); |
433
|
|
|
|
|
|
|
|
434
|
51
|
100
|
|
|
|
204
|
if ( $client ) { |
|
|
50
|
|
|
|
|
|
435
|
|
|
|
|
|
|
|
436
|
23
|
50
|
|
|
|
109
|
$self->app->log->debug( "OAuth2::Server: Generating access token for @{[ ref $client ? $client->{client} : $client ]}" ); |
|
23
|
|
|
|
|
348
|
|
437
|
|
|
|
|
|
|
|
438
|
23
|
50
|
|
|
|
368
|
my $access_token_ttl = $Grant->can('get_access_token_ttl') |
439
|
|
|
|
|
|
|
? $Grant->get_access_token_ttl( |
440
|
|
|
|
|
|
|
scopes => $scope, |
441
|
|
|
|
|
|
|
client_id => $client_id, |
442
|
|
|
|
|
|
|
) |
443
|
|
|
|
|
|
|
: $Grant->access_token_ttl; |
444
|
|
|
|
|
|
|
|
445
|
23
|
|
|
|
|
355
|
my $access_token = $Grant->token( |
446
|
|
|
|
|
|
|
client_id => $client, |
447
|
|
|
|
|
|
|
scopes => $scope, |
448
|
|
|
|
|
|
|
type => 'access', |
449
|
|
|
|
|
|
|
user_id => $user_id, |
450
|
|
|
|
|
|
|
jwt_claims_cb => $JWTCallback, |
451
|
|
|
|
|
|
|
); |
452
|
|
|
|
|
|
|
|
453
|
23
|
|
|
|
|
8689
|
my $refresh_token = $Grant->token( |
454
|
|
|
|
|
|
|
client_id => $client, |
455
|
|
|
|
|
|
|
scopes => $scope, |
456
|
|
|
|
|
|
|
type => 'refresh', |
457
|
|
|
|
|
|
|
user_id => $user_id, |
458
|
|
|
|
|
|
|
jwt_claims_cb => $JWTCallback, |
459
|
|
|
|
|
|
|
); |
460
|
|
|
|
|
|
|
|
461
|
23
|
100
|
|
|
|
5740
|
$Grant->store_access_token( |
|
|
100
|
|
|
|
|
|
462
|
|
|
|
|
|
|
client_id => $client, |
463
|
|
|
|
|
|
|
( $grant_type ne 'password' ? ( auth_code => $auth_code ) : () ), |
464
|
|
|
|
|
|
|
access_token => $access_token, |
465
|
|
|
|
|
|
|
expires_in => $access_token_ttl, |
466
|
|
|
|
|
|
|
scopes => $scope, |
467
|
|
|
|
|
|
|
( $grant_type eq 'client_credentials' |
468
|
|
|
|
|
|
|
? () |
469
|
|
|
|
|
|
|
: ( |
470
|
|
|
|
|
|
|
refresh_token => $refresh_token, |
471
|
|
|
|
|
|
|
old_refresh_token => $old_refresh_token, |
472
|
|
|
|
|
|
|
) |
473
|
|
|
|
|
|
|
), |
474
|
|
|
|
|
|
|
mojo_controller => $self, |
475
|
|
|
|
|
|
|
); |
476
|
|
|
|
|
|
|
|
477
|
23
|
|
|
|
|
1652
|
$status = 200; |
478
|
|
|
|
|
|
|
$json_response = { |
479
|
|
|
|
|
|
|
# RFC6749 section 5.1 says that Access Token Response should include |
480
|
|
|
|
|
|
|
# the authorized scope when it does not match the requested scopes: |
481
|
|
|
|
|
|
|
# |
482
|
|
|
|
|
|
|
# OPTIONAL, if identical to the scope requested by the client; |
483
|
|
|
|
|
|
|
# otherwise, REQUIRED. The scope of the access token as |
484
|
|
|
|
|
|
|
# described by Section 3.3. |
485
|
|
|
|
|
|
|
( ! $old_refresh_token && $scope |
486
|
|
|
|
|
|
|
? ( scopes => ref( $scope ) eq 'HASH' |
487
|
23
|
100
|
66
|
|
|
298
|
? [ map { $_ } grep { $scope->{$_} } keys %{ $scope } ] |
|
2
|
100
|
|
|
|
16
|
|
|
4
|
100
|
|
|
|
11
|
|
|
2
|
|
|
|
|
8
|
|
488
|
|
|
|
|
|
|
: $scope ) |
489
|
|
|
|
|
|
|
: ()), |
490
|
|
|
|
|
|
|
|
491
|
|
|
|
|
|
|
access_token => $access_token, |
492
|
|
|
|
|
|
|
token_type => 'Bearer', |
493
|
|
|
|
|
|
|
expires_in => $access_token_ttl, |
494
|
|
|
|
|
|
|
( $grant_type eq 'client_credentials' |
495
|
|
|
|
|
|
|
? () |
496
|
|
|
|
|
|
|
: ( refresh_token => $refresh_token ), |
497
|
|
|
|
|
|
|
) |
498
|
|
|
|
|
|
|
}; |
499
|
|
|
|
|
|
|
|
500
|
|
|
|
|
|
|
} elsif ( $error ) { |
501
|
28
|
|
|
|
|
84
|
$json_response->{error} = $error; |
502
|
28
|
100
|
|
|
|
109
|
$json_response->{error_description} = $error_description if $error_description; |
503
|
|
|
|
|
|
|
} else { |
504
|
|
|
|
|
|
|
# callback has not returned anything, assume server error |
505
|
0
|
0
|
|
|
|
0
|
my $method = $grant_type eq 'password' |
|
|
0
|
|
|
|
|
|
506
|
|
|
|
|
|
|
? 'verify_user_password' : $grant_type eq 'client_credentials' |
507
|
|
|
|
|
|
|
? 'verify_client' : 'verify_auth_code'; |
508
|
|
|
|
|
|
|
|
509
|
0
|
|
|
|
|
0
|
$json_response = { |
510
|
|
|
|
|
|
|
error => 'server_error', |
511
|
|
|
|
|
|
|
error_description => "call to $method returned unexpected value", |
512
|
|
|
|
|
|
|
}; |
513
|
|
|
|
|
|
|
} |
514
|
|
|
|
|
|
|
|
515
|
51
|
|
|
|
|
218
|
$self->res->headers->header( 'Cache-Control' => 'no-store' ); |
516
|
51
|
|
|
|
|
2290
|
$self->res->headers->header( 'Pragma' => 'no-cache' ); |
517
|
|
|
|
|
|
|
|
518
|
51
|
|
|
|
|
1636
|
$self->render( |
519
|
|
|
|
|
|
|
status => $status, |
520
|
|
|
|
|
|
|
json => $json_response, |
521
|
|
|
|
|
|
|
); |
522
|
|
|
|
|
|
|
} |
523
|
|
|
|
|
|
|
|
524
|
|
|
|
|
|
|
sub _access_token_request_check_params { |
525
|
72
|
|
|
72
|
|
245
|
my ( $self,$grant_type,$username,$password,$auth_code,$uri ) = @_; |
526
|
|
|
|
|
|
|
|
527
|
72
|
100
|
100
|
|
|
836
|
if ( |
|
|
100
|
66
|
|
|
|
|
|
|
100
|
66
|
|
|
|
|
|
|
|
66
|
|
|
|
|
|
|
|
33
|
|
|
|
|
528
|
|
|
|
|
|
|
$grant_type eq 'password' |
529
|
|
|
|
|
|
|
) { |
530
|
7
|
0
|
33
|
|
|
23
|
if ( ! $username && ! $password ) { |
531
|
0
|
|
|
|
|
0
|
$self->render( |
532
|
|
|
|
|
|
|
status => 400, |
533
|
|
|
|
|
|
|
json => { |
534
|
|
|
|
|
|
|
error => 'invalid_request', |
535
|
|
|
|
|
|
|
error_description => 'the request was missing one of: ' |
536
|
|
|
|
|
|
|
. 'client_id, client_secret, username, password', |
537
|
|
|
|
|
|
|
error_uri => '', |
538
|
|
|
|
|
|
|
} |
539
|
|
|
|
|
|
|
); |
540
|
0
|
|
|
|
|
0
|
return 0; |
541
|
|
|
|
|
|
|
} |
542
|
|
|
|
|
|
|
} elsif ( |
543
|
|
|
|
|
|
|
$grant_type eq 'client_credentials' |
544
|
|
|
|
|
|
|
) { |
545
|
13
|
|
|
|
|
43
|
my ( $client_id,$client_secret ) = _client_credentials_from_header( $self ); |
546
|
|
|
|
|
|
|
|
547
|
13
|
100
|
66
|
|
|
54
|
if ( ! $client_id || ! $client_secret ) { |
548
|
1
|
|
|
|
|
6
|
$self->render( |
549
|
|
|
|
|
|
|
status => 400, |
550
|
|
|
|
|
|
|
json => { |
551
|
|
|
|
|
|
|
error => 'invalid_request', |
552
|
|
|
|
|
|
|
error_description => 'the request was missing an Authorization: Basic' |
553
|
|
|
|
|
|
|
. ' header or it was missing the encoded client_id:client_secret data', |
554
|
|
|
|
|
|
|
error_uri => '', |
555
|
|
|
|
|
|
|
} |
556
|
|
|
|
|
|
|
); |
557
|
1
|
|
|
|
|
357
|
return 0; |
558
|
|
|
|
|
|
|
} |
559
|
|
|
|
|
|
|
} elsif ( |
560
|
|
|
|
|
|
|
( $grant_type ne 'authorization_code' and $grant_type ne 'refresh_token' ) |
561
|
|
|
|
|
|
|
or ( $grant_type eq 'authorization_code' and ! defined( $auth_code ) ) |
562
|
|
|
|
|
|
|
or ( $grant_type eq 'authorization_code' and ! defined( $uri ) ) |
563
|
|
|
|
|
|
|
) { |
564
|
20
|
|
|
|
|
161
|
$self->render( |
565
|
|
|
|
|
|
|
status => 400, |
566
|
|
|
|
|
|
|
json => { |
567
|
|
|
|
|
|
|
error => 'invalid_request', |
568
|
|
|
|
|
|
|
error_description => 'the request was missing one of: grant_type, ' |
569
|
|
|
|
|
|
|
. 'client_id, client_secret, code, redirect_uri;' |
570
|
|
|
|
|
|
|
. 'or grant_type did not equal "authorization_code" ' |
571
|
|
|
|
|
|
|
. 'or "refresh_token"', |
572
|
|
|
|
|
|
|
error_uri => '', |
573
|
|
|
|
|
|
|
} |
574
|
|
|
|
|
|
|
); |
575
|
20
|
|
|
|
|
9806
|
return 0; |
576
|
|
|
|
|
|
|
} |
577
|
|
|
|
|
|
|
|
578
|
51
|
|
|
|
|
188
|
return 1; |
579
|
|
|
|
|
|
|
} |
580
|
|
|
|
|
|
|
|
581
|
|
|
|
|
|
|
sub _client_credentials_from_header { |
582
|
25
|
|
|
25
|
|
42
|
my ( $self ) = @_; |
583
|
|
|
|
|
|
|
|
584
|
25
|
|
|
|
|
40
|
my ( $client_id,$client_secret ); |
585
|
|
|
|
|
|
|
|
586
|
|
|
|
|
|
|
# params in the header |
587
|
25
|
100
|
|
|
|
58
|
if ( my $auth_header = $self->req->headers->header( 'Authorization' ) ) { |
|
|
50
|
|
|
|
|
|
588
|
7
|
50
|
|
|
|
168
|
if ( my ( $encoded_details ) = ( split( 'Basic ',$auth_header ) )[1] ) { |
589
|
7
|
|
100
|
|
|
48
|
my $decoded_details = b64_decode( $encoded_details // '' ); |
590
|
7
|
|
|
|
|
19
|
( $client_id,$client_secret ) = split( ':',$decoded_details ); |
591
|
7
|
|
|
|
|
26
|
return ( $client_id,$client_secret ); |
592
|
|
|
|
|
|
|
} |
593
|
|
|
|
|
|
|
|
594
|
|
|
|
|
|
|
# params in the body |
595
|
|
|
|
|
|
|
} elsif ( $client_id = $self->req->param('client_id') ) { |
596
|
18
|
|
|
|
|
1232
|
$client_secret = $self->req->param('client_secret'); |
597
|
|
|
|
|
|
|
} |
598
|
|
|
|
|
|
|
|
599
|
18
|
50
|
33
|
|
|
616
|
if ( $client_id && $client_secret ) { |
600
|
18
|
|
|
|
|
54
|
return ( $client_id,$client_secret ); |
601
|
|
|
|
|
|
|
} |
602
|
|
|
|
|
|
|
} |
603
|
|
|
|
|
|
|
|
604
|
|
|
|
|
|
|
sub _verify_credentials { |
605
|
|
|
|
|
|
|
my ( |
606
|
51
|
|
|
51
|
|
186
|
$self,$Grant,$grant_type,$refresh_token,$client_id,$client_secret, |
607
|
|
|
|
|
|
|
$auth_code,$username,$password,$uri |
608
|
|
|
|
|
|
|
) = @_; |
609
|
|
|
|
|
|
|
|
610
|
51
|
|
|
|
|
119
|
my ( $client,$error,$scope,$user_id,$old_refresh_token,$error_description ); |
611
|
|
|
|
|
|
|
|
612
|
51
|
100
|
|
|
|
223
|
if ( $grant_type eq 'refresh_token' ) { |
|
|
100
|
|
|
|
|
|
|
|
100
|
|
|
|
|
|
613
|
9
|
|
|
|
|
42
|
( $client,$error,$scope,$user_id,$error_description ) = $Grant->verify_token_and_scope( |
614
|
|
|
|
|
|
|
refresh_token => $refresh_token, |
615
|
|
|
|
|
|
|
auth_header => $self->req->headers->header( 'Authorization' ), |
616
|
|
|
|
|
|
|
mojo_controller => $self, |
617
|
|
|
|
|
|
|
); |
618
|
9
|
|
|
|
|
1980
|
$old_refresh_token = $refresh_token; |
619
|
|
|
|
|
|
|
|
620
|
|
|
|
|
|
|
} elsif ( $grant_type eq 'password' ) { |
621
|
7
|
|
|
|
|
24
|
$scope = $self->every_param( 'scope' ); |
622
|
|
|
|
|
|
|
|
623
|
7
|
|
|
|
|
405
|
( $client,$error,$scope,$user_id,$error_description ) = $Grant->verify_user_password( |
624
|
|
|
|
|
|
|
client_id => $client_id, |
625
|
|
|
|
|
|
|
client_secret => $client_secret, |
626
|
|
|
|
|
|
|
username => $username, |
627
|
|
|
|
|
|
|
password => $password, |
628
|
|
|
|
|
|
|
mojo_controller => $self, |
629
|
|
|
|
|
|
|
scopes => $scope, |
630
|
|
|
|
|
|
|
); |
631
|
|
|
|
|
|
|
} elsif ( $grant_type eq 'client_credentials' ) { |
632
|
|
|
|
|
|
|
|
633
|
12
|
|
|
|
|
16
|
my $client_secret; |
634
|
|
|
|
|
|
|
|
635
|
12
|
|
|
|
|
24
|
( $client,$client_secret ) = _client_credentials_from_header( $self ); |
636
|
|
|
|
|
|
|
|
637
|
12
|
|
|
|
|
35
|
$scope = $self->every_param( 'scope' ); |
638
|
12
|
|
|
|
|
564
|
my $res; |
639
|
|
|
|
|
|
|
|
640
|
12
|
|
|
|
|
92
|
( $res,$error,$error_description ) = $Grant->verify_client( |
641
|
|
|
|
|
|
|
client_id => $client, |
642
|
|
|
|
|
|
|
client_secret => $client_secret, |
643
|
|
|
|
|
|
|
mojo_controller => $self, |
644
|
|
|
|
|
|
|
scopes => $scope, |
645
|
|
|
|
|
|
|
); |
646
|
|
|
|
|
|
|
|
647
|
12
|
100
|
|
|
|
1680
|
undef( $client ) if ! $res; |
648
|
|
|
|
|
|
|
|
649
|
|
|
|
|
|
|
} else { |
650
|
23
|
|
|
|
|
183
|
( $client,$error,$scope,$user_id,$error_description ) = $Grant->verify_auth_code( |
651
|
|
|
|
|
|
|
client_id => $client_id, |
652
|
|
|
|
|
|
|
client_secret => $client_secret, |
653
|
|
|
|
|
|
|
auth_code => $auth_code, |
654
|
|
|
|
|
|
|
redirect_uri => $uri, |
655
|
|
|
|
|
|
|
mojo_controller => $self, |
656
|
|
|
|
|
|
|
); |
657
|
|
|
|
|
|
|
} |
658
|
|
|
|
|
|
|
|
659
|
|
|
|
|
|
|
$client = ! ref $client |
660
|
|
|
|
|
|
|
? $client |
661
|
51
|
100
|
66
|
|
|
4158
|
: ( $client->{client_id} || $client->{client} ); |
662
|
|
|
|
|
|
|
|
663
|
51
|
|
|
|
|
204
|
return ( $client,$error,$scope,$user_id,$old_refresh_token,$error_description ); |
664
|
|
|
|
|
|
|
} |
665
|
|
|
|
|
|
|
|
666
|
|
|
|
|
|
|
=head1 SEE ALSO |
667
|
|
|
|
|
|
|
|
668
|
|
|
|
|
|
|
L - The dist that handles the bulk of the |
669
|
|
|
|
|
|
|
functionality used by this plugin |
670
|
|
|
|
|
|
|
|
671
|
|
|
|
|
|
|
=head1 AUTHOR & CONTRIBUTORS |
672
|
|
|
|
|
|
|
|
673
|
|
|
|
|
|
|
Lee Johnson - C |
674
|
|
|
|
|
|
|
|
675
|
|
|
|
|
|
|
With contributions from: |
676
|
|
|
|
|
|
|
|
677
|
|
|
|
|
|
|
Nick Logan C |
678
|
|
|
|
|
|
|
|
679
|
|
|
|
|
|
|
Pierre VIGIER C |
680
|
|
|
|
|
|
|
|
681
|
|
|
|
|
|
|
Renee C |
682
|
|
|
|
|
|
|
|
683
|
|
|
|
|
|
|
=head1 LICENSE |
684
|
|
|
|
|
|
|
|
685
|
|
|
|
|
|
|
This library is free software; you can redistribute it and/or modify it under |
686
|
|
|
|
|
|
|
the same terms as Perl itself. If you would like to contribute documentation |
687
|
|
|
|
|
|
|
or file a bug report then please raise an issue / pull request: |
688
|
|
|
|
|
|
|
|
689
|
|
|
|
|
|
|
https://github.com/Humanstate/mojolicious-plugin-oauth2-server |
690
|
|
|
|
|
|
|
|
691
|
|
|
|
|
|
|
=cut |
692
|
|
|
|
|
|
|
|
693
|
|
|
|
|
|
|
1; |
694
|
|
|
|
|
|
|
|
695
|
|
|
|
|
|
|
# vim: ts=2:sw=2:et |