AnyEvent-Yubico
view release on metacpan or search on metacpan
lib/AnyEvent/Yubico.pm view on Meta::CPAN
# Signs a parameter hash using the client API key.
sub sign {
my ($self, $params) = @_;
my $content = "";
foreach my $key (sort keys %$params) {
$content = $content."&$key=$params->{$key}";
}
$content = substr($content, 1);
my $key = decode_base64($self->{api_key});
my $signature = encode_base64(hmac_sha1($content, $key), '');
return $signature;
}
# Parses a response body into a hash.
sub parse_response {
my $body = shift;
my $response = {};
if($body) {
my @lines = split(' ', $body);
foreach my $line (@lines) {
my $index = index($line, '=');
$response->{substr($line, 0, $index)} = substr($line, $index+1);
}
}
return $response;
}
1;
__END__
=head1 NAME
AnyEvent::Yubico - AnyEvent based Perl extension for validating YubiKey OTPs.
Though AnyEvent is used internally, the module does not impose any particular
coding style on the caller. Provides both blocking and non-blocking methods of
OTP verification.
=head1 SYNOPSIS
use AnyEvent::Yubico;
$yk = AnyEvent::Yubico->new({ client_id => 4711, api_key => '<your API key here>' });
$result = $yk->verify('<YubiKey OTP here>');
if($result) ...
For more details about the response, instead call verify_sync($otp), which
returns a hash containing all the parameters that were in the response.
$result_details = $yk->verify_sync('<YubiKey OTP here>');
if($result_details->{status} == 'OK') ...
As an alternative, you can call verify_async, which will return a condition
variable immediately. This can be used if your application already uses an
asynchronous model. You can also pass a callback as a second parameter to
verify as well as verify_async, which will be invoked once validation has
completed, with the result.
$result_cv = $yk->verify_async('<YubiKey OTP here>', sub {
#Callback invoked when verification is done
$result_details = shift;
if($result_details->{status} eq 'OK') ...
});
#Wait for the result (blocking, same as calling verify directly).
$result_details = $result_cv->recv;
=head1 DESCRIPTION
Validates a YubiKey OTP (One Time Password) using the YKVAL 2.0 protocol as
defined here: https://github.com/Yubico/yubikey-val/wiki/ValidationProtocolV20
To use this module, an API key is required, which can be requested here:
https://upgrade.yubico.com/getapikey/
When creating the AnyEvent::Yubico instance, the following arguments can be passed:
=over 4
=item client_id = $id_int
Required. The client ID corresponding to the API key.
=item api_key => $api_key_string
Optional. The API key used to sign requests and verify responses. Without
this response signatures won't be verified.
=item urls => $array_of_urls
Optional. Defines which validation server URLs to query. The default uses
the public YubiCloud validation servers. Must support version 2.0 of the
validation protocol.
Example:
$yk = AnyEvent::Yubico->new({
client_id => ...,
api_key => ...,
urls => [
"http://example.com/wsapi/2.0/verify",
"http://127.0.0.1/wsapi/2.0/verify"
]
});
=item sign_requests => $enable
Optional. When enabled (enabled by default) requests will be signed, as long
as api_key is also provided.
=item timeout => $seconds
Optional. Timeout parameter sent to the server, see the protocol details for
more information.
( run in 2.936 seconds using v1.01-cache-2.11-cpan-9581c071862 )