Beefy Boxes and Bandwidth Generously Provided by pair Networks
laziness, impatience, and hubris
 
PerlMonks  

Oauth2 help needed

by superwombat (Acolyte)
on Sep 07, 2018 at 16:36 UTC ( [id://1221932]=perlquestion: print w/replies, xml ) Need Help??

superwombat has asked for the wisdom of the Perl Monks concerning the following question:

Monks,

I have spent the last 2 days scouring the internet for information on how to authenticate a perl app using oauth2. There are a half-dozen modules that claim to assist with this process, and not a single one has documentation or examples or any hint on how to construct the request successfully.

I decided to work with LWP::Authen::OAuth2 and came up with the following code (This is for attempting to authenticate with Yahoo).

The number one issue I have is the redirect_uri. It seems like the oauth2 spec always assumes that any developer has access to their own website to host a redirect page on? This must be super-obvious, because every tutorial site just hand-waves over this parameter with "put your redirect uri here" without even attempting to suggest what one might look like, especially if you're running a standalone application. Some sites mentioned that you can redirect to localhost... again, without any sort of suggestion as to how you might do that.

So... question 1. How to I form a redirect URI for a locally executed application in a windows environment?

I'm sure I have more questions and errors in my code, but I won't be able to find those until I can fill in some reasonable value for the redirect_uri.

use LWP::Authen::Oauth2;
use Storable; #to save and restore token for future use
use Term::Prompt;
use strict;
use warnings;

my $oauth2 = LWP::Authen::OAuth2->new(
    client_id => '*****',
    client_secret => '*****',
    redirect_uri => 'I don't even know',
    scope => 'fspt-w',
    response_type => 'id_token'
                             );

my $url = $oauth2->authorization_url('https://api.login.yahoo.com/oaut
+h2/request_auth');
my $code = prompt('x', 'Paste the code obtained at the above URL here:
+ ', '', ''); 

# Exchange the code for an access token:
my $token = $oauth2->get_access_token($code) or die;

# If we get to here, it worked!  Report success: 
print "\nToken obtained successfully!\n";
print "Here are the token contents (just FYI):\n\n";
print $token->to_string, "\n";

[download]

Replies are listed 'Best First'.
Re: Oauth2 help needed
by RonW (Parson) on Sep 07, 2018 at 21:00 UTC
[reply]
Re: Oauth2 help needed
by mr_mischief (Monsignor) on Sep 07, 2018 at 20:23 UTC

    It seems at least some of your questions are more domain-specific than language-specific. That is, your OAuth2 knowledge could use a boost here as much or more than your Perl knowledge.

    A redirect_uri is the URI which you've registered at the authenticator as where you want users brought back to your site after they authenticate. If you've registered with Yahoo! for their users to be authenticated to your application, this is the URI on your site you providedf to them.

    https://aaronparecki.com/oauth-2-simplified/ has a good introduction to what can be some confusing terminology. Understanding OAuth2 (or OpenID Connect, or SAML2) on some level is important to choosing the right authentication method and using it appropriately. You won't need to be an expert or need to be able to rewrite the client libraries yourself, but this is something you can't cobble together without understanding a bit about the functioning of the standards from the points of view of the protocol client (which tends to be a web server) and the end-user's client (their browser).

[reply]
Re: Oauth2 help needed
by superwombat (Acolyte) on Sep 07, 2018 at 22:07 UTC

    Well, should anyone stumble across this thread in the future looking for help, the answer is "oob".

    Each site apparently makes up their own term for redirect_uri when being accessed from an application instead of a webserver. For Yahoo it's "oob", for google it's "urn:ietf:wg:oauth:2.0:oob"

    One other thing to be aware of, if you're using LWP::Authen::OAuth2 and it's not one of the 4 sites natively supported, you need to find the authorization and token endpoint addresses and declare them when you make your oauth2 object.

    At this point I'm able to summon an Authorization Code, however when attempting to exchange it for a token I'm getting

    "OAuth2 error: INVALID_INPUT Description: Redirect URL cannot be empty for authorization_code grant type at C:\Sustaining\Perlinprogress\Football\oauth.pl line 105."

    
my $oauth2 = LWP::Authen::OAuth2->new(
    authorization_endpoint => 'https://api.login.yahoo.com/oauth2/requ
+est_auth',
    token_endpoint => 'https://api.login.yahoo.com/oauth2/get_token',
    client_id => '****',
    client_secret => '****',
    scope => 'fspt-w',
    redirect_uri => 'oob',
                             );

my $url = $oauth2->authorization_url();

my $code = prompt('x', 'Paste the code obtained at the above URL here:
+ ', '', ''); 

# Exchange the code for an access token:
my $token = $oauth2->request_tokens(code => $code) or die;

# If we get to here, it worked!  Report success: 
print "\nToken obtained successfully!\n";
print "Here are the token contents (just FYI):\n\n";
print $token->to_string, "\n";

    [download]
[reply]
[d/l]

Back to Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: perlquestion [id://1221932]
Approved by marto
Front-paged by Corion
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others goofing around in the Monastery: (1)
As of 2024-04-25 03:40 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found