File Coverage

lib/Google/RestApi/Auth/OAuth2Client.pm
Criterion Covered Total %
statement 27 74 36.4
branch 0 14 0.0
condition 1 2 50.0
subroutine 7 14 50.0
pod 1 7 14.2
total 36 111 32.4


line stmt bran cond sub pod time code
1             package Google::RestApi::Auth::OAuth2Client;
2              
3             our $VERSION = '1.0.3';
4              
5 1     1   769 use Google::RestApi::Setup;
  1         2  
  1         13  
6              
7             # this was taken from Net::Google::DataAPI::Auth::OAuth2 and had a moose-ectomy. this will
8             # get rid of warnings about switching to Moo instead of Moose::Any.
9             #
10             # NOTE NOTE NOTE: to generate a config file and token file for use by this module, see:
11             # bin/google_restapi_oauth_token_creator in this package.
12              
13 1     1   14382 use Net::OAuth2::Client ();
  1         74593  
  1         29  
14 1     1   9 use Net::OAuth2::Profile::WebServer ();
  1         3  
  1         20  
15 1     1   5 use Storable qw( retrieve );
  1         2  
  1         46  
16 1     1   6 use URI ();
  1         3  
  1         21  
17              
18 1     1   5 use parent 'Google::RestApi::Auth';
  1         3  
  1         5  
19              
20             sub new {
21 141     141 1 439 my $class = shift;
22              
23 141         747 my %p = @_;
24             # order is important, resolve the overall config file first.
25 141         735 resolve_config_file_path(\%p, 'config_file');
26 141         518 resolve_config_file_path(\%p, 'token_file');
27              
28 140         830 my $self = merge_config_file(%p);
29 140         357 state $check = compile_named(
30             config_dir => ReadableDir, { optional => 1 },
31             config_file => ReadableFile, { optional => 1 },
32             token_file => ReadableFile, { optional => 1 },
33             client_id => Str,
34             client_secret => Str,
35             scope => ArrayRef[Str], { optional => 1 },
36             state => Str, { default => '' },
37             redirect_uri => Str, { default => 'urn:ietf:wg:oauth:2.0:oob' },
38             site => Str, { default => 'https://accounts.google.com' },
39             authorize_path => Str, { default => '/o/oauth2/auth' },
40             access_token_path => Str, { default => '/o/oauth2/token' },
41             userinfo_url => Str, { default => 'https://www.googleapis.com/oauth2/v1/userinfo' },
42             );
43 140         12736 $self = $check->(%$self);
44              
45             $self->{scope} ||= [ # when added to default above, check silently fails to compile.
46 140   50     12666 'https://www.googleapis.com/auth/userinfo.profile',
47             'https://www.googleapis.com/auth/userinfo.email',
48             ];
49              
50 140         876 return bless $self, $class;
51             }
52              
53             sub headers {
54 0     0     my $self = shift;
55 0 0         return $self->{headers} if $self->{headers};
56              
57             $self->access_token(
58             refresh_token => retrieve($self->{token_file})->{refresh_token},
59 0           auto_refresh => 1,
60             );
61 0           $self->refresh_token();
62 0           my $access_token = $self->access_token()->access_token();
63 0           INFO("Successfully attained access token");
64              
65 0           $self->{headers} = [ Authorization => "Bearer $access_token" ];
66              
67 0           return $self->{headers};
68             }
69              
70             sub authorize_url {
71 0     0 0   my $self = shift;
72 0           my $server = $self->oauth2_webserver();
73             return $server->authorize(
74 0           scope => join(' ', @{ $self->{scope} }), @_
  0            
75             );
76             }
77              
78             sub access_token {
79 0     0 0   my $self = shift;
80              
81 0 0         if (scalar @_ == 1) {
    0          
82 0           state $check = compile(Str);
83 0           my ($code) = $check->(@_);
84 0           my $server = $self->oauth2_webserver();
85 0           $self->{access_token} = $server->get_access_token($code);
86 0           DEBUG("Created access token:\n", Dump($self->{access_token}));
87             } elsif (@_) {
88 0           state $check = compile_named(
89             refresh_token => Str,
90             auto_refresh => Bool,
91             );
92 0           my $p = $check->(@_);
93 0           $p->{profile} = $self->oauth2_webserver();
94             # DEBUG("Building access token from:\n", Dump($p)); # shows secret in the logs.
95 0           $self->{access_token} = Net::OAuth2::AccessToken->new(%$p);
96             }
97              
98 0           return $self->{access_token};
99             }
100              
101             sub refresh_token {
102 0     0 0   my ($self, $refresh_token) = @_;
103 0           DEBUG("About to refresh token");
104 0           my $server = $self->oauth2_webserver();
105 0           $server->update_access_token($self->access_token());
106 0           return $self->access_token()->refresh();
107             }
108              
109             sub oauth2_client {
110 0     0 0   my $self = shift;
111 0 0         if (!$self->{oauth2_client}) {
112 0           DEBUG("Creating OAuth2 client");
113             $self->{oauth2_client} = Net::OAuth2::Client->new(
114             $self->{client_id},
115             $self->{client_secret},
116             site => $self->{site},
117             authorize_path => $self->{authorize_path},
118             access_token_path => $self->{access_token_path},
119             refresh_token_path => $self->{access_token_path},
120 0           );
121             }
122 0           return $self->{oauth2_client};
123             }
124              
125             sub oauth2_webserver {
126 0     0 0   my $self = shift;
127 0 0         if (!$self->{oauth2_webserver}) {
128 0           DEBUG("Creating OAuth2 web server");
129 0           my $client = $self->oauth2_client();
130             $self->{oauth2_webserver} = $client->web_server(
131             redirect_uri => $self->{redirect_uri},
132             state => $self->{state},
133 0           );
134             }
135 0           return $self->{oauth2_webserver};
136             }
137              
138             # not currently used
139             sub userinfo {
140 0     0 0   my $self = shift;
141 0           my $token = $self->access_token();
142 0           my $url = URI->new($self->{userinfo_url});
143 0           my $res = $token->get($url);
144 0 0         $res->is_success or LOGDIE 'userinfo request failed: ' . $res->as_string;
145 0 0         my %res_params = $self->oauth2_webserver()->params_from_response($res)
146             or LOGDIE 'params_from_response for userinfo response failed';
147 0           return \%res_params;
148             }
149              
150             1;
151              
152             __END__
153              
154             =head1 NAME
155              
156             Google::RestApi::Auth::OAuth2Client - OAuth2 support for Google Rest APIs
157              
158             =head1 SYNOPSIS
159              
160             use Google::RestApi::Auth::OAuth2Client;
161              
162             my $oauth2 = Google::RestApi::Auth::OAuth2Client->new(
163             client_id => 'xxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com',
164             client_secret => 'mys3cr33333333333333t',
165             scope => ['http://spreadsheets.google.com/feeds/'],
166              
167             # with web apps, redirect_uri is needed:
168             # redirect_uri => 'http://your_app.sample.com/callback',
169             );
170             my $url = $oauth2->authorize_url();
171              
172             # you can add optional parameters:
173             my $url = $oauth2->authorize_url(
174             access_type => 'offline',
175             approval_prompt => 'force',
176             );
177              
178             # generate an access token from the code returned from Google:
179             my $token = $oauth2->access_token($code);
180            
181             =head1 DESCRIPTION
182              
183             Google::RestApi::Auth::OAuth2Client interacts with google OAuth 2.0 service
184             and creates the 'Authorization' header for use in Furl or LWP::UserAgent.
185              
186             To generate a config file and token file for use by this moudle, see:
187             bin/google_restapi_oauth_token_creator in this pacakage.
188              
189             This was copied from Net::Google::DataAPI::Auth::OAuth2 and modified
190             to fit this framework. The other framework was dated and produced
191             constant warnings to upgrade from Moose to Moo. I removed Moose since I
192             didn't use Moose anywhere else in this framework.
193              
194             =head1 ATTRIBUTES
195              
196             =head2 sub new
197              
198             =over 2
199              
200             config_file: Optional YAML configuration file that can specify any
201             or all of the following args:
202             client_id: The OAuth2 client id supplied by Google.
203             client_secret: The OAuth2 client secret supplied by Google.
204             token_file: The file path to the previously saved token (see OAUTH2
205             SETUP below). If a config_file is passed, the dirname of the config
206             file is tried to resolve the token_file (same directory) if the
207             directory portion is omitted.
208              
209             You can specify any of the arguments in the optional YAML config file.
210             Any passed in arguments will override what is in the config file.
211              
212             =item * client_id
213              
214             client id. You can get it at L<https://code.google.com/apis/console#access>.
215              
216             =item * client_secret
217              
218             The client secret paired with the client id.
219              
220             =item * scope
221              
222             URL identifying the service(s) to be accessed. You can see the list
223             of the urls to use at: L<http://code.google.com/intl/en-US/apis/gdata/faq.html#AuthScopes>
224              
225             =item * redirect_url
226              
227             OAuth2 redirect url. 'urn:ietf:wg:oauth:2.0:oob' will be used if you don't specify it.
228              
229             =back
230              
231             See L<https://developers.google.com/accounts/docs/OAuth2> for details.
232              
233             =head1 OAUTH2 SETUP
234              
235             This class depends on first creating an OAuth2 token session file
236             that you point to via the 'token_file' config param passed via 'new'.
237             See bin/google_restapi_oauth_token_creator and follow the instructions to
238             save your token file.
239              
240             =head1 AUTHOR
241              
242             Robin Murray E<lt>mvsjes@cpan.ork<gt>, copied and modifed from Net::Google::DataAPI::Auth::OAuth2.
243              
244             =head1 SEE ALSO
245              
246             L<OAuth2>
247              
248             L<Google::DataAPI::Auth::OAuth2>
249              
250             L<https://developers.google.com/accounts/docs/OAuth2>
251              
252             =head1 LICENSE
253              
254             This library is free software; you can redistribute it and/or modify
255             it under the same terms as Perl itself.