Kernel::System::Credential::OAuth2

NAME

Kernel::System::Credential::OAuth2 – OAuth2 Credential

DESCRIPTION

This class handles OAuth2 web tokens.

SYNOPSIS

    my $OAuth2 = Kernel::System::Credential::OAuth2->new(
        ID           => 123,                    # optional, the database identifier
        Name         => 'MyCredentialEntry',    # required, the name of the credential entry
        ValidID      => 1,                      # required, the valid identifier
        CreateTime   => '2021-09-09 08:00:00',  # optional, timestamp of the create time (now if not provided)
        CreateBy     => 123,                    # optional, UserID of the creator (1 if not given)
        ChangeTime   => '2021-09-09 08:00:00',  # optional, timestamp of the last change time (now if not provided)
        ChangeBy     => 123,                    # optional, UserID of the last modifier (1 if not given)
        Config       => {
            AuthURL  => 'https://auth.resourceowner.com/auth',  # required, the URL to start the auth process
            TokenURL => 'https://auth.resourceowner.com/auth',  # required, the URL to get the access token
            ClientID => 'superuser',                            # required, the client id of the resource owner.
            Scope    => 'the_whole_world',                      # required, the scope of the permission grant.
        },
    );

    # Check whether the consumer has to be redirected to the resource owner auth page.
    my $Bool = $OAuth2->NeedsAuthorizationConsent();

    # Redirect the consumer to start the authorization process, which may require consent.
    $Controller->redirect_to( $OAuth2->AuthURL() );

    # Get access token from resource owner.
    $OAuth2->RequestAuthorization( Code => $AuthorizationCodeFromResourceOwner );

    # Refresh access token from resource owner.
    $OAuth2->Refresh();

ATTRIBUTES

AuthURL

The authentication URL that is used to start the authentication process.

TokenURL

The token URL that is used to get the access token.

RedirectURI

The address the resource owner redirects to after successful consent and/or authentication.

ClientID

The client id to be used for authentication.

ClientSecret

The client secret to be used for authentication.

Scope

The scope to request permissions for (multiple scopes are separated by spaces).

METHODS

BUILD()

Unpacks a given config and passes the values to its related attributes.

AccessToken

The access token that is used for authentication.

Verify()

Verifies if the related access token is present, valid and in a usable state.

    my $State = $AuthCredential->Verify();

Returns

    {
        State        => 'OK',                   # String representation of the state
        UpdateNeeded => 0,                      # Indicator for a needed token update
        ValidUntil   => '2021-09-01 18:15:35',
    }

CanRefresh

Checks if the access token can be refreshed.

Refresh

Performs needed operations to refresh the access token data.

    # Refresh authorization if needed.
    my $Refreshed = $AuthCredential->Refresh();

    # Force the authorization to refresh.
    my $Refreshed = $AuthCredential->Refresh( Force => 1 );

Returns

    1     - success
    undef - in case of any error

ToBearer

Returns the bearer format of the token.

AuthURL

Returns or sets the authorization URL.

TokenURL

Returns or sets the token URL.

NeedsAuthorizationConsent()

Verifies whether the credential is in a state that requires user consent to get the authorization token.

FullAuthURL()

Returns the full authorization URL the user should be redirected to.

RequestAuthorization()

Requests the authorization access token from the provider.

    my $Success = $Self->RequestAuthorization(
        Code => $Code,
    );

Returns

    1     - success
    undef - error occurred

ToHash()

Returns the credential configuration information in a HashRef.

    my $HashRef = $AuthCredential->ToHash();

Returns

    {
        ID     => 123,
        Name   => 'MyAuthData',
        Type   => 'BasicAuth',
        Config => {
            Username => 'myuser',
            Password => 'supersecret',
        },
        Authorization => {
            Data       => '...',
            ValidUntil => '...',
        },
        ValidID    => 1,
        CreateTime => '2021-07-02 09:30:30',
        CreateBy   => 234,
        ChangeTime => '2021-07-02 09:30:30',
        ChangeBy   => 234,
    }
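
As the return value above shows, ToHash() hands back the Config secrets and the Authorization data in clear text, so the result should be redacted before it reaches a log or a debug dump. The following is an added example, not code from Kernel::System::Credential::OAuth2; the helper RedactCredentialHash(), the choice of secret keys (Password, ClientSecret, Data) and the sample values are assumptions made for illustration.

```perl
use strict;
use warnings;
use Storable qw(dclone);

# Keys treated as secret (assumption): Password and ClientSecret inside Config,
# Data inside Authorization, following the names used on this page.
my %SecretKeys = map { $_ => 1 } qw(Password ClientSecret Data);

# Hypothetical helper, not part of the module: returns a deep copy of a
# ToHash() result in which every secret value is replaced by a marker.
sub RedactCredentialHash {
    my ($Hash) = @_;

    my $Copy = dclone($Hash);    # never modify the live credential data
    _Mask($Copy);
    return $Copy;
}

# Walks nested hashes and arrays; a secret key is masked whatever its value
# type is, so a token stored as a structure is hidden as well.
sub _Mask {
    my ($Node) = @_;

    if ( ref $Node eq 'HASH' ) {
        for my $Key ( keys %{$Node} ) {
            if ( $SecretKeys{$Key} ) {
                $Node->{$Key} = '[REDACTED]' if defined $Node->{$Key};
            }
            else {
                _Mask( $Node->{$Key} );
            }
        }
    }
    elsif ( ref $Node eq 'ARRAY' ) {
        _Mask($_) for @{$Node};
    }
    return;
}

# Constructed sample in the shape of the ToHash() return value.
my $Sample = {
    ID            => 123,
    Name          => 'MyAuthData',
    Config        => { ClientID => 'superuser', ClientSecret => 'constructed-secret' },
    Authorization => { Data => 'constructed-token', ValidUntil => '2021-09-01 18:15:35' },
};

my $Safe = RedactCredentialHash($Sample);
print "$_ => $Safe->{Config}{$_}\n" for sort keys %{ $Safe->{Config} };
print "Data => $Safe->{Authorization}{Data}\n";
```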

PRIVATE ATTRIBUTES

PRIVATE METHODS
