Net-OAuth
view release on metacpan or search on metacpan
lib/Net/OAuth.pm view on Meta::CPAN
my $request = Net::OAuth->request('Request Token')->new(
%params,
request_url => 'https://photos.example.net/request_token',
extra_params => {
foo => 'bar'
},
);
my $request = Net::OAuth->request('Request Token')->new(
%params,
request_url => 'https://photos.example.net/request_token?foo=bar',
);
Calling $request->request_url will still return whatever you set it to originally. If you want to get the request_url with the query parameters removed, you can do:
my $url = $request->normalized_request_url;
=head2 SIGNATURE METHODS
The following signature methods are supported:
=over
=item * PLAINTEXT
=item * HMAC-SHA1
=item * HMAC-SHA256
=item * RSA-SHA1
=back
The signature method is determined by the value of the signature_method parameter that is passed to the message constructor.
If an unknown signature method is specified, the signing/verification will throw an exception.
=head3 PLAINTEXT SIGNATURES
This method is a trivial signature which adds no security. Not recommended.
=head3 HMAC-SHA1 SIGNATURES
This method is available if you have Digest::SHA installed. This is by far the most commonly used method.
=head3 HMAC-SHA256 SIGNATURES
This method is available if you have Digest::SHA installed.
=head3 RSA-SHA1 SIGNATURES
To use RSA-SHA1 signatures, pass in a Crypt::OpenSSL::RSA object (or any object that can do $o->sign($str) and/or $o->verify($str, $sig))
E.g.
Consumer:
use Crypt::OpenSSL::RSA;
use File::Slurp;
$keystring = read_file('private_key.pem');
$private_key = Crypt::OpenSSL::RSA->new_private_key($keystring);
$request = Net::OAuth->request('request token')->new(%params);
$request->sign($private_key);
Service Provider:
use Crypt::OpenSSL::RSA;
use File::Slurp;
$keystring = read_file('public_key.pem');
$public_key = Crypt::OpenSSL::RSA->new_public_key($keystring);
$request = Net::OAuth->request('request token')->new(%params);
if (!$request->verify($public_key)) {
die "Signature verification failed";
}
Note that you can pass the key in as a parameter called 'signature_key' to the message constructor, rather than passing it to the sign/verify method, if you like.
=head2 CONSUMER REQUESTS
To send a request without including a token, use a Consumer Request:
my $request = Net::OAuth->request('consumer')->new(
consumer_key => 'dpf43f3p2l4k3l03',
consumer_secret => 'kd94hf93k423kf44',
request_url => 'http://provider.example.net/profile',
request_method => 'GET',
signature_method => 'HMAC-SHA1',
timestamp => '1191242096',
nonce => 'kllo9940pd9333jh',
);
$request->sign;
See L<Net::OAuth::ConsumerRequest>
=head2 I18N
Per the OAuth spec, when making the signature Net::OAuth first encodes parameters to UTF-8. This means that any parameters you pass to Net::OAuth, if they might be outside of ASCII character set, should be run through Encode::decode() (or an equivale...
=head2 OAUTH 1.0A
Background:
L<http://mojodna.net/2009/05/20/an-idiots-guide-to-oauth-10a.html>
L<http://oauth.googlecode.com/svn/spec/core/1.0a/drafts/3/oauth-core-1_0a.html>
Net::OAuth defaults to OAuth 1.0 spec compliance, and supports OAuth 1.0 Rev A with an optional switch:
use Net::OAuth
$Net::OAuth::PROTOCOL_VERSION = Net::OAuth::PROTOCOL_VERSION_1_0A;
It is recommended that any new projects use this switch if possible, and existing projects move to supporting this switch as soon as possible. Probably the easiest way for existing projects to do this is to turn on the switch and run your test suite...
Internally, the Net::OAuth::Message constructor checks $Net::OAuth::PROTOCOL_VERSION and attempts to load the equivalent subclass in the Net::OAuth::V1_0A:: namespace. So if you instantiate a Net::OAuth::RequestTokenRequest object, you will end up w...
protocol_version => Net::OAuth::PROTOCOL_VERSION_1_0A
in the API parameters hash.
If you are not sure whether the entity you are communicating with is 1.0A compliant, you can try instantiating a 1.0A message first and then fall back to 1.0 if that fails:
use Net::OAuth
( run in 1.370 second using v1.01-cache-2.11-cpan-39bf76dae61 )