Net::OAuth::Simple - a simple wrapper round the OAuth protocol
First create a sub class of Net::OAuth::Simple that will do you requests for you.
Net::OAuth::Simple
package Net::AppThatUsesOAuth; use strict; use base qw(Net::OAuth::Simple); sub new { my $class = shift; my %tokens = @_; return $class->SUPER::new( tokens => \%tokens, protocol_version => '1.0a', urls => { authorization_url => ..., request_token_url => ..., access_token_url => ..., }); } sub view_restricted_resource { my $self = shift; my $url = shift; return $self->make_restricted_request($url, 'GET'); } sub update_restricted_resource { my $self = shift; my $url = shift; my %extra_params = @_; return $self->make_restricted_request($url, 'POST', %extra_params); } 1;
Then in your main app you need to do
# Get the tokens from the command line, a config file or wherever my %tokens = get_tokens(); my $app = Net::AppThatUsesOAuth->new(%tokens); # Check to see we have a consumer key and secret unless ($app->consumer_key && $app->consumer_secret) { die "You must go get a consumer key and secret from App\n"; } # If the app is authorized (i.e has an access token and secret) # Then look at a restricted resourse if ($app->authorized) { my $response = $app->view_restricted_resource; print $response->content."\n"; exit; } # Otherwise the user needs to go get an access token and secret print "Go to ".$app->get_authorization_url."\n"; print "Then hit return after\n"; <STDIN>; my ($access_token, $access_token_secret) = $app->request_access_token; # Now save those values
Note the flow will be somewhat different for web apps since the request token and secret will need to be saved whilst the user visits the authorization url.
For examples go look at the Net::FireEagle module and the fireeagle command line script that ships with it. Also in the same distribution in the examples/ directory is a sample web app.
Net::FireEagle
fireeagle
examples/
Create a new OAuth enabled app - takes a hash of params.
One of the keys of the hash must be tokens, the value of which must be a hash ref with the keys:
tokens
Then, when you have your per-use access token and secret you can supply
Another key of the hash must be urls, the value of which must be a hash ref with the keys
urls
If you pass in a key protocol_version with a value equal to 1.0a then the newest version of the OAuth protocol will be used. A value equal to 1.0 will mean the old version will be used. Defaults to 1.0a
protocol_version
You can pass in your own User Agent by using the key browser.
browser
If you pass in return_undef_on_error then instead of die-ing on error methods will return undef instead and the error can be retrieved using the last_error() method. See the section on ERROR HANDLING.
return_undef_on_error
die
last_error()
Whether or not we're using 1.0a version of OAuth (necessary for, amongst others, FireEagle)
Whether the client has the necessary credentials to be authorized.
Note that the credentials may be wrong and so the request may still fail.
The signature method to use.
Defaults to HMAC-SHA1
Get all the tokens.
Returns the current consumer key.
Can optionally set the consumer key.
Returns the current consumer secret.
Can optionally set the consumer secret.
Returns the current access token.
Can optionally set a new token.
Returns the current access token secret.
Can optionally set a new secret.
Get or set the general token.
See documentation in new()
new()
Get or set the general token secret.
Is the app currently authorized for general token requests.
Returns the current request token.
Returns the current request token secret.
Returns the current oauth_verifier.
Can optionally set a new verifier.
Returns the oauth callback.
Can optionally set the oauth callback.
Returns the oauth callback confirmed.
Can optionally set the oauth callback confirmed.
Get the url the user needs to visit to authorize as a URI object.
Note: this is the base url - not the full url with the necessary OAuth params.
Get the url to obtain a request token as a URI object.
Get the url to obtain an access token as a URI object.
Request the access token and access token secret for this user.
The user must have authorized this app at the url given by get_authorization_url first.
get_authorization_url
Returns the access token and access token secret but also sets them internally so that after calling this method you can immediately call a restricted method.
If you pass in a hash of params then they will added as parameters to the URL.
The same as request_access_token but for xAuth.
request_access_token
For more information on xAuth see
http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-access_token-for-xAuth
You must pass in the parameters
x_auth_username x_auth_password x_auth_mode
You must have HTTPS enabled for LWP::UserAgent.
See examples/twitter_xauth for a sample implementation.
examples/twitter_xauth
Request the request token and request token secret for this user.
This is called automatically by get_authorization_url if necessary.
Get the URL to authorize a user as a URI object.
Make a request to url using the given HTTP method.
url
Any extra parameters can be passed in as a hash.
Make a request to url using the given HTTP method using the general purpose tokens.
Get the last error message.
Only works if return_undef_on_error was passed in to the constructor.
See the section on ERROR HANDLING.
A convenience method for loading tokens from a config file.
Returns a hash with the token names suitable for passing to new().
Returns an empty hash if the file doesn't exist.
A convenience method to save a hash of tokens out to the given file.
Originally this module would die upon encountering an error (inheriting behaviour from the original Yahoo! code).
This is still the default behaviour however if you now pass
return_undef_on_error => 1
into the constructor then all methods will return undef on error instead.
The error message is accessible via the last_error() method.
Google's OAuth API requires the non-standard scope parameter to be set in request_token_url, and you also explicitly need to pass an oauth_callback to get_authorization_url() method, so that you can direct the user to your site if you're authenticating users in Web Application mode. Otherwise Google will let user grant acesss as a desktop app mode and doesn't redirect users back.
scope
request_token_url
oauth_callback
get_authorization_url()
Here's an example class that uses Google's Portable Contacts API via OAuth:
package Net::AppUsingGoogleOAuth; use strict; use base qw(Net::OAuth::Simple); sub new { my $class = shift; my %tokens = @_; return $class->SUPER::new( tokens => \%tokens, urls => { request_token_url => "https://www.google.com/accounts/OAuthGetRequestToken?scope=http://www-opensocial.googleusercontent.com/api/people", authorization_url => "https://www.google.com/accounts/OAuthAuthorizeToken", access_token_url => "https://www.google.com/accounts/OAuthGetAccessToken", }, ); } package main; my $oauth = Net::AppUsingGoogleOAuth->new(%tokens); # Web application $app->redirect( $oauth->get_authorization_url( callback => "http://you.example.com/oauth/callback") ); # Desktop application print "Open the URL and come back once you're authenticated!\n", $oauth->get_authorization_url;
See http://code.google.com/apis/accounts/docs/OAuth.html and other services API documentation for the possible list of scope parameter value.
If Math::Random::MT is installed then any nonces generated will use a Mersenne Twiser instead of Perl's built in randomness function.
Math::Random::MT
There are example Twitter and Twitter xAuth 'desktop' apps and a FireEagle OAuth 1.0a web app in the examples directory of the distribution.
Non known
The latest code for this module can be found at
https://svn.unixbeard.net/simon/Net-OAuth-Simple
Simon Wistow, <simon@thegestalt.org>
<simon@thegestalt.org
Please report any bugs or feature requests to bug-net-oauth-simple at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Net-OAuth-Simple. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
bug-net-oauth-simple at rt.cpan.org
You can find documentation for this module with the perldoc command.
perldoc Net::OAuth::Simple
You can also look for information at:
RT: CPAN's request tracker
http://rt.cpan.org/NoAuth/Bugs.html?Dist=Net-OAuth-Simple
AnnoCPAN: Annotated CPAN documentation
http://annocpan.org/dist/Net-OAuth-Simple
CPAN Ratings
http://cpanratings.perl.org/d/Net-OAuth-Simple
Search CPAN
http://search.cpan.org/dist/Net-OAuth-Simple/
Copyright 2009 Simon Wistow, all rights reserved.
This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
To install Net::OAuth::Simple, copy and paste the appropriate command in to your terminal.
cpanm
cpanm Net::OAuth::Simple
CPAN shell
perl -MCPAN -e shell install Net::OAuth::Simple
For more information on module installation, please visit the detailed CPAN module installation guide.