Net::OAuth::Simple - a simple wrapper round the OAuth protocol

First create a sub class of Net::OAuth::Simple that will do you requests for you.

    package Net::AppThatUsesOAuth;

    use strict;
    use base qw(Net::OAuth::Simple);




    sub new {
        my $class  = shift;
        my %tokens = @_;
        return $class->SUPER::new( tokens => \%tokens, 
                                   protocol_version => '1.0a',
                                   urls   => {
                                        authorization_url => ...,
                                        request_token_url => ...,
                                        access_token_url  => ...,
                                   });
    }

    sub view_restricted_resource {
        my $self = shift;
        my $url  = shift;
        return $self->make_restricted_request($url, 'GET');
    }

    sub update_restricted_resource {
        my $self         = shift;
        my $url          = shift;
        my %extra_params = @_;
        return $self->make_restricted_request($url, 'POST', %extra_params);    
    }
    1;

Then in your main app you need to do

    # Get the tokens from the command line, a config file or wherever 
    my %tokens  = get_tokens(); 
    my $app     = Net::AppThatUsesOAuth->new(%tokens);

    # Check to see we have a consumer key and secret
    unless ($app->consumer_key && $app->consumer_secret) {
        die "You must go get a consumer key and secret from App\n";
    } 

    # If the app is authorized (i.e has an access token and secret)
    # Then look at a restricted resourse
    if ($app->authorized) {
        my $response = $app->view_restricted_resource;
        print $response->content."\n";
        exit;
    }




    # Otherwise the user needs to go get an access token and secret
    print "Go to ".$app->get_authorization_url."\n";
    print "Then hit return after\n";
    <STDIN>;

    my ($access_token, $access_token_secret) = $app->request_access_token;

    # Now save those values

Note the flow will be somewhat different for web apps since the request token and secret will need to be saved whilst the user visits the authorization url.

For examples go look at the Net::FireEagle module and the fireeagle command line script that ships with it. Also in the same distribution in the examples/ directory is a sample web app.

Create a new OAuth enabled app - takes a hash of params.

One of the keys of the hash must be tokens, the value of which must be a hash ref with the keys:

consumer_key

consumer_secret

Then, when you have your per-use access token and secret you can supply

access_token

access_secret

Another key of the hash must be urls, the value of which must be a hash ref with the keys

authorization_url

request_token_url

access_token_url

If you pass in a key protocol_version with a value equal to 1.0a then the newest version of the OAuth protocol will be used. A value equal to 1.0 will mean the old version will be used. Defaults to 1.0a

You can pass in your own User Agent by using the key browser.

If you pass in return_undef_on_error then instead of die-ing on error methods will return undef instead and the error can be retrieved using the last_error() method. See the section on ERROR HANDLING.

Whether or not we're using 1.0a version of OAuth (necessary for, amongst others, FireEagle)

Whether the client has the necessary credentials to be authorized.

Note that the credentials may be wrong and so the request may still fail.

The signature method to use.

Defaults to HMAC-SHA1

Get all the tokens.

Returns the current consumer key.

Can optionally set the consumer key.

Returns the current consumer secret.

Can optionally set the consumer secret.

Returns the current access token.

Can optionally set a new token.

Returns the current access token secret.

Can optionally set a new secret.

Get or set the general token.

See documentation in new()

Get or set the general token secret.

See documentation in new()

Is the app currently authorized for general token requests.

See documentation in new()

Returns the current request token.

Can optionally set a new token.

Returns the current request token secret.

Can optionally set a new secret.

Returns the current oauth_verifier.

Can optionally set a new verifier.

Returns the oauth callback.

Can optionally set the oauth callback.

Returns the oauth callback confirmed.

Can optionally set the oauth callback confirmed.

Get the url the user needs to visit to authorize as a URI object.

Note: this is the base url - not the full url with the necessary OAuth params.

Get the url to obtain a request token as a URI object.

Get the url to obtain an access token as a URI object.

Request the access token and access token secret for this user.

The user must have authorized this app at the url given by get_authorization_url first.

Returns the access token and access token secret but also sets them internally so that after calling this method you can immediately call a restricted method.

If you pass in a hash of params then they will added as parameters to the URL.

The same as request_access_token but for xAuth.

For more information on xAuth see

    http://apiwiki.twitter.com/Twitter-REST-API-Method%3A-oauth-access_token-for-xAuth  

You must pass in the parameters

    x_auth_username
    x_auth_password
    x_auth_mode

You must have HTTPS enabled for LWP::UserAgent.

See examples/twitter_xauth for a sample implementation.

Request the request token and request token secret for this user.

This is called automatically by get_authorization_url if necessary.

If you pass in a hash of params then they will added as parameters to the URL.

Get the URL to authorize a user as a URI object.

If you pass in a hash of params then they will added as parameters to the URL.

Make a request to url using the given HTTP method.

Any extra parameters can be passed in as a hash.

Make a request to url using the given HTTP method using the general purpose tokens.

Any extra parameters can be passed in as a hash.

Get the last error message.

Only works if return_undef_on_error was passed in to the constructor.

See the section on ERROR HANDLING.

A convenience method for loading tokens from a config file.

Returns a hash with the token names suitable for passing to new().

Returns an empty hash if the file doesn't exist.

A convenience method to save a hash of tokens out to the given file.

Originally this module would die upon encountering an error (inheriting behaviour from the original Yahoo! code).

This is still the default behaviour however if you now pass

    return_undef_on_error => 1

into the constructor then all methods will return undef on error instead.

The error message is accessible via the last_error() method.

Google's OAuth API requires the non-standard scope parameter to be set in request_token_url, and you also explicitly need to pass an oauth_callback to get_authorization_url() method, so that you can direct the user to your site if you're authenticating users in Web Application mode. Otherwise Google will let user grant acesss as a desktop app mode and doesn't redirect users back.

Here's an example class that uses Google's Portable Contacts API via OAuth:

    package Net::AppUsingGoogleOAuth;
    use strict;
    use base qw(Net::OAuth::Simple);

    sub new {
        my $class  = shift;
        my %tokens = @_;
        return $class->SUPER::new(
            tokens => \%tokens, 
            urls   => {
                request_token_url => "https://www.google.com/accounts/OAuthGetRequestToken?scope=http://www-opensocial.googleusercontent.com/api/people",
                authorization_url => "https://www.google.com/accounts/OAuthAuthorizeToken",
                access_token_url  => "https://www.google.com/accounts/OAuthGetAccessToken",
            },
        );
    }

    package main;
    my $oauth = Net::AppUsingGoogleOAuth->new(%tokens);

    # Web application
    $app->redirect( $oauth->get_authorization_url( callback => "http://you.example.com/oauth/callback") );

    # Desktop application
    print "Open the URL and come back once you're authenticated!\n",
        $oauth->get_authorization_url;

See http://code.google.com/apis/accounts/docs/OAuth.html and other services API documentation for the possible list of scope parameter value.

If Math::Random::MT is installed then any nonces generated will use a Mersenne Twiser instead of Perl's built in randomness function.

There are example Twitter and Twitter xAuth 'desktop' apps and a FireEagle OAuth 1.0a web app in the examples directory of the distribution.

Non known

The latest code for this module can be found at

    https://svn.unixbeard.net/simon/Net-OAuth-Simple

Simon Wistow, <simon@thegestalt.org >

Please report any bugs or feature requests to bug-net-oauth-simple at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=Net-OAuth-Simple. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

You can find documentation for this module with the perldoc command.

    perldoc Net::OAuth::Simple

You can also look for information at:

* RT: CPAN's request tracker

http://rt.cpan.org/NoAuth/Bugs.html?Dist=Net-OAuth-Simple

* AnnoCPAN: Annotated CPAN documentation

http://annocpan.org/dist/Net-OAuth-Simple

* CPAN Ratings

http://cpanratings.perl.org/d/Net-OAuth-Simple

* Search CPAN

http://search.cpan.org/dist/Net-OAuth-Simple/

Copyright 2009 Simon Wistow, all rights reserved.

This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself.