NAME
Kernel::System::Credential::OAuth2 – OAuth2 Credential
DESCRIPTION
This class handles OAuth2 web tokens.
SYNOPSIS
    my $OAuth2 = Kernel::System::Credential::OAuth2->new(
        ID         => 123,                      # optional, the database identifier
        Name       => 'MyCredentialEntry',      # required, the name of the credential entry
        ValidID    => 1,                        # required, the valid identifier
        CreateTime => '2021-09-09 08:00:00',    # optional, timestamp of the create time (now if not provided)
        CreateBy   => 123,                      # optional, UserID of the creator (1 if not given)
        ChangeTime => '2021-09-09 08:00:00',    # optional, timestamp of the last change time (now if not provided)
        ChangeBy   => 123,                      # optional, UserID of the last modifier (1 if not given)
        Config     => {
            AuthURL  => 'https://auth.resourceowner.com/auth',    # required, the URL to start the auth process
            TokenURL => 'https://auth.resourceowner.com/auth',    # required, the URL to get the access token
            ClientID => 'superuser',                              # required, the client id of the resource owner.
            Scope    => 'the_whole_world',                        # required, the scope of the permission grant.
        },
    );

    # Check whether the consumer needs to be redirected to the resource owner auth page.
    my $Bool = $OAuth2->NeedsAuthorizationConsent();

    # Redirect the consumer to start an authorization process, which may require consent.
    $Controller->redirect_to( $OAuth2->AuthURL() );

    # Get access token from resource owner.
    $OAuth2->RequestAuthorization( Code => $AuthorizationCodeFromResourceOwner );

    # Refresh access token from resource owner.
    $OAuth2->Refresh();
ATTRIBUTES
AuthURL
The authentication URL that is used to start the authentication process.
TokenURL
The token URL that is used to get the access token.
RedirectURI
The address the resource owner redirects to after successful consent and/or authentication.
ClientID
The client id to be used for authentication.
ClientSecret
The client secret to be used for authentication.
Scope
The scope to request permissions for (multiple scopes are separated by spaces).
METHODS
BUILD()
Unpacks a given config and passes the values to its related attributes.
AccessToken
The access token that is used for authentication.
Verify()
Verifies if the related access token is present, valid and in a usable state.
    my $State = $AuthCredential->Verify();
Returns
    {
        State        => 'OK',                     # String representation of the state
        UpdateNeeded => 0,                        # Indicator for a needed token update
        ValidUntil   => '2021-09-01 18:15:35',
    }
CanRefresh
Checks if the access token can be refreshed.
Refresh
Performs needed operations to refresh the access token data.
    # Refresh authorization if needed.
    my $Refreshed = $AuthCredential->Refresh();
    # Force the authorization to refresh.
    my $Refreshed = $AuthCredential->Refresh( Force => 1 );
Returns
    1 - success
    undef - in case of any error
ToBearer
Returns the bearer format of the token.
AuthURL
Returns or sets the authorization URL.
TokenURL
Returns or sets the token URL.
NeedsAuthorizationConsent()
Checks whether the credential is in a state that needs user consent to get the authorization token.
FullAuthURL()
Returns the full authorization URL the user should be redirected to.
RequestAuthorization()
Requests the authorization access token from the provider.
    my $Success = $Self->RequestAuthorization(
        Code => $Code,
    );
Returns
    1 - success
    undef - error occurred
ToHash()
Returns the credential configuration information in a HashRef.
    my $HashRef = $AuthCredential->ToHash();
Returns
    {
        ID     => 123,
        Name   => 'MyAuthData',
        Type   => 'BasicAuth',
        Config => {
            Username => 'myuser',
            Password => 'supersecret',
        },
        Authorization => {
            Data       => '...',
            ValidUntil => '...',
        },
        ValidID    => 1,
        CreateTime => '2021-07-02 09:30:30',
        CreateBy   => 234,
        ChangeTime => '2021-07-02 09:30:30',
        ChangeBy   => 234,
    }
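EXAMPLE
The following is an added example, not part of the original documentation or the module's own code. It shows one way to chain NeedsAuthorizationConsent(), Verify(), CanRefresh, Refresh and ToBearer so that a bearer value is only handed out for a verified token and every failure path ends without one. Local::StubCredential and BearerOrUndef are hypothetical names; the stub's behaviour, the 'Expired' state string and the "Bearer <token>" output are assumptions made so the snippet runs without the framework.

```perl
use strict;
use warnings;
# Constructed stand-in exposing the method names documented on this page;
# its behaviour and the 'Expired' state string are assumptions for the demo.
package Local::StubCredential {
    sub new { my ( $Class, %Param ) = @_; return bless {%Param}, $Class }
    sub NeedsAuthorizationConsent { return defined $_[0]{Token} ? 0 : 1 }
    sub CanRefresh { return $_[0]{RefreshWorks} ? 1 : 0 }
    sub ToBearer   { return "Bearer $_[0]{Token}" }    # assumed output format
    sub Verify {
        my ($Self) = @_;
        return { State => 'Expired', UpdateNeeded => 1 } if $Self->{Expired};
        return { State => 'OK', UpdateNeeded => 0 };
    }
    sub Refresh {
        my ($Self) = @_;
        return if !$Self->{RefreshWorks};    # undef on error, as documented
        $Self->{Expired} = 0;
        return 1;
    }
}

# Hypothetical helper: hand out the bearer value only for a verified token.
# Returns undef when the caller must restart the consent flow (fail closed).
sub BearerOrUndef {
    my ($Credential) = @_;
    return if $Credential->NeedsAuthorizationConsent();
    my $State = $Credential->Verify();
    return if ref($State) ne 'HASH';
    if ( ( $State->{State} // '' ) ne 'OK' || $State->{UpdateNeeded} ) {
        return if !$Credential->CanRefresh();
        return if !$Credential->Refresh( Force => 1 );
        # Do not trust the refresh result alone: verify the new token too.
        $State = $Credential->Verify();
        return if ref($State) ne 'HASH' || ( $State->{State} // '' ) ne 'OK';
    }
    return $Credential->ToBearer();
}

my %Cases = (    # constructed sample credentials
    Fresh        => { Token => 'tok-A' },
    Refreshable  => { Token => 'tok-B', Expired => 1, RefreshWorks => 1 },
    RefreshFails => { Token => 'tok-C', Expired => 1 },
    NoConsentYet => {},
);
for my $Name ( sort keys %Cases ) {
    my $Header = BearerOrUndef( Local::StubCredential->new( %{ $Cases{$Name} } ) );
    printf "%-12s %s\n", $Name, $Header // 'no token: start consent flow';
}
```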