| Current Path : /proc/2/root/usr/local/share/man/man3/ |
| Current File : //proc/2/root/usr/local/share/man/man3/OAuth::Lite::ServerUtil.3pm |
.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.13)
.\"
.\" Standard preamble:
.\" ========================================================================
.de Sp \" Vertical space (when we can't use .PP)
.if t .sp .5v
.if n .sp
..
.de Vb \" Begin verbatim text
.ft CW
.nf
.ne \\$1
..
.de Ve \" End verbatim text
.ft R
.fi
..
.\" Set up some character translations and predefined strings. \*(-- will
.\" give an unbreakable dash, \*(PI will give pi, \*(L" will give a left
.\" double quote, and \*(R" will give a right double quote. \*(C+ will
.\" give a nicer C++. Capital omega is used to do unbreakable dashes and
.\" therefore won't be available. \*(C` and \*(C' expand to `' in nroff,
.\" nothing in troff, for use with C<>.
.tr \(*W-
.ds C+ C\v'-.1v'\h'-1p'\s-2+\h'-1p'+\s0\v'.1v'\h'-1p'
.ie n \{\
. ds -- \(*W-
. ds PI pi
. if (\n(.H=4u)&(1m=24u) .ds -- \(*W\h'-12u'\(*W\h'-12u'-\" diablo 10 pitch
. if (\n(.H=4u)&(1m=20u) .ds -- \(*W\h'-12u'\(*W\h'-8u'-\" diablo 12 pitch
. ds L" ""
. ds R" ""
. ds C` ""
. ds C' ""
'br\}
.el\{\
. ds -- \|\(em\|
. ds PI \(*p
. ds L" ``
. ds R" ''
'br\}
.\"
.\" Escape single quotes in literal strings from groff's Unicode transform.
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\"
.\" If the F register is turned on, we'll generate index entries on stderr for
.\" titles (.TH), headers (.SH), subsections (.SS), items (.Ip), and index
.\" entries marked with X<> in POD. Of course, you'll have to process the
.\" output yourself in some meaningful fashion.
.ie \nF \{\
. de IX
. tm Index:\\$1\t\\n%\t"\\$2"
..
. nr % 0
. rr F
.\}
.el \{\
. de IX
..
.\}
.\" ========================================================================
.\"
.IX Title "OAuth::Lite::ServerUtil 3"
.TH OAuth::Lite::ServerUtil 3 "2014-01-04" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.nh
.SH "NAME"
OAuth::Lite::ServerUtil \- server side utility
.SH "SYNOPSIS"
.IX Header "SYNOPSIS"
.Vb 3
\& my $util = OAuth::Lite::ServerUtil\->new;
\& $util\->support_signature_method(\*(AqHMAC\-SHA1\*(Aq);
\& $util\->allow_extra_params(qw/file size/);
\&
\& unless ($util\->validate_params($oauth_params)) {
\& return $server\->error(400, $util\->errstr);
\& }
\&
\& $util\->verify_signature(
\& method => $r\->method,
\& params => $oauth_params,
\& url => $request_uri,
\& consumer_secret => $consumer\->secret,
\& ) or return $server\->error(401, $util\->errstr);
.Ve
.PP
And see OAuth::Lite::Server::mod_perl2 source code.
.SH "DESCRIPTION"
.IX Header "DESCRIPTION"
This module helps you to implement application that acts as OAuth Service Provider.
.SH "PAY ATTENTION"
.IX Header "PAY ATTENTION"
If you use OAuth 1.31 or older version, its has invalid way to normalize params.
(when there are two or more same key and they contain \s-1ASCII\s0 and non \s-1ASCII\s0 value)
.PP
But the many services have already supported deprecated version,
and the correct way breaks backward compatibility.
So, from 1.32, supported both correct and deprecated method.
.PP
use \f(CW$OAuth::Lite::USE_DEPRECATED_NORMALIZER\fR to switch behaviour.
Currently 1 is set by default to keep backward compatibility.
.PP
.Vb 2
\& use OAuth::Lite::ServerUtil;
\& use OAuth::Lite;
\&
\& $OAuth::Lite::USE_DEPRECATED_NORMALIZER = 0;
\& ...
.Ve
.SH "METHODS"
.IX Header "METHODS"
.SS "new"
.IX Subsection "new"
Constructor
.PP
.Vb 1
\& my $util = OAuth::Lite::ServerUtil\->new;
.Ve
.PP
Set strict true by default, and it judge unsupported param as invalid when validating params.
You can build ServerUtil as non-strict mode, then it accepts unsupported parameters.
.PP
.Vb 1
\& my $util = OAuth::Lite::ServerUtil\->new( strict => 0 );
.Ve
.SS "allow_extra_param($param_name);"
.IX Subsection "allow_extra_param($param_name);"
When you validate oauth parameters, if an extra parameter
is included, the validation will fail.
.PP
.Vb 5
\& my $params = {
\& oauth_version => \*(Aq1.0\*(Aq,
\& ...and other oauth parameters,
\& };
\& $params\->{file} = "foo.jpg";
\&
\& # fail!
\& unless ($util\->validate_params($params)) {
\& $your_app\->error( $util\->errstr );
\& }
.Ve
.PP
So, if you want allow extra parameter, use this method.
.PP
.Vb 1
\& $util\->allow_extra_param(\*(Aqfile\*(Aq);
\&
\& my $params = {
\& oauth_version => \*(Aq1.0\*(Aq,
\& ...and other oauth parameters,
\& };
\& $params\->{file} = "foo.jpg";
\&
\& # Now this results successfully.
\& unless ($util\->validate_params($params)) {
\& $your_app\->error( $util\->errstr );
\& }
.Ve
.ie n .SS "allow_extra_params($param1, $param2, ...)"
.el .SS "allow_extra_params($param1, \f(CW$param2\fP, ...)"
.IX Subsection "allow_extra_params($param1, $param2, ...)"
You can allow multiple extra parameters at once.
.PP
.Vb 1
\& $util\->allow_extra_params(qw/file size/);
.Ve
.SS "support_signature_method($method_class_name);"
.IX Subsection "support_signature_method($method_class_name);"
Set the signature method class's name that your server can supports.
.PP
.Vb 1
\& $util\->support_signature_method(\*(AqHMAC_SHA1\*(Aq);
.Ve
.PP
This method requires indicated signature method class inside.
So, you should install OAuth::Lite::SignatureMethod::$method_class_name beforehand.
For example, when your choise is \s-1HMAC_SHA1\s0, you need to have
OAuth::Lite::SignatureMethod::HMAC_SHA1 installed in your server.
.ie n .SS "support_signature_methods($method1, $method2, ...);"
.el .SS "support_signature_methods($method1, \f(CW$method2\fP, ...);"
.IX Subsection "support_signature_methods($method1, $method2, ...);"
You can set multiple signature method class at once.
.PP
.Vb 1
\& $util\->support_signature_methods(qw/HMAC_SHA1 RSA_SHA1/);
.Ve
.SS "validate_params($params, [$check_token]);"
.IX Subsection "validate_params($params, [$check_token]);"
Check if the request includes all required params
and doesn't include unsupported params.
It doesn't check unsupported params when working on strict mode.
.PP
.Vb 3
\& unless ($util\->validate_params($params)) {
\& $your_app\->error( $util\->errstr );
\& }
.Ve
.PP
When the request is to exchange tokens or to access to protected resources,
pass 1 for second argument. This flag indicates that oauth_token param is needed.
.PP
.Vb 3
\& unless ($util\->validate_params($params, 1)) {
\& $your_app\->error( $util\->errstr );
\& }
.Ve
.SS "validate_signature_method($method_name)"
.IX Subsection "validate_signature_method($method_name)"
.Vb 1
\& unless ($util\->validate_signature_method(\*(AqHMAC\-SHA1\*(Aq)) {
\&
\& $your_app\->error(qq/Unsupported signature method/);
\& ...
\& }
.Ve
.SS "verify_signature(%args)"
.IX Subsection "verify_signature(%args)"
.IP "method \- \s-1HTTP\s0 request method" 4
.IX Item "method - HTTP request method"
.PD 0
.IP "params \- parameters hash reference" 4
.IX Item "params - parameters hash reference"
.IP "url \- requested uri" 4
.IX Item "url - requested uri"
.IP "consumer_secret \- consumer secret value(optional)" 4
.IX Item "consumer_secret - consumer secret value(optional)"
.IP "token_secret \- token secret value(optional)" 4
.IX Item "token_secret - token secret value(optional)"
.PD
.PP
.Vb 8
\& # you can omit consumer_secret and token_secret if you don\*(Aqt need them.
\& $util\->verify_signature(
\& method => $r\->method,
\& params => $params,
\& url => $requested_uri,
\& consumer_secret => $consumer_secret,
\& token_secret => $token_secret,
\& ) or die $utl\->errstr;
.Ve
.SH "SEE ALSO"
.IX Header "SEE ALSO"
OAuth::Lite::Server::mod_perl2
.SH "AUTHOR"
.IX Header "AUTHOR"
Lyo Kato, \f(CW\*(C`lyo.kato _at_ gmail.com\*(C'\fR
.SH "COPYRIGHT AND LICENSE"
.IX Header "COPYRIGHT AND LICENSE"
This library is free software; you can redistribute it and/or modify
it under the same terms as Perl itself, either Perl version 5.8.6 or,
at your option, any later version of Perl 5 you may have available.
Copyright 2K16 - 2K18 Indonesian Hacker Rulez
;?>)