{
    "mode": "perldoc",
    "parameter": "Authen::SCRAM::Client",
    "section": "",
    "url": "https://www.chedong.com/phpMan.php/perldoc/Authen%3A%3ASCRAM%3A%3AClient/json",
    "generated": "2026-06-13T04:33:04Z",
    "synopsis": "use Authen::SCRAM::Client;\nuse Try::Tiny;\n$client = Authen::SCRAM::Client->new(\nusername => 'johndoe',\npassword => 'trustno1',\n);\ntry {\n$clientfirst = $client->firstmsg();\n# send to server and get server-first-message\n$clientfinal = $client->finalmsg( $serverfirst );\n# send to server and get server-final-message\n$client->validate( $serverfinal );\n}\ncatch {\ndie \"Authentication failed!\"\n};",
    "sections": {
        "NAME": {
            "content": "Authen::SCRAM::Client - RFC 5802 SCRAM client\n",
            "subsections": []
        },
        "VERSION": {
            "content": "version 0.011\n",
            "subsections": []
        },
        "SYNOPSIS": {
            "content": "use Authen::SCRAM::Client;\nuse Try::Tiny;\n\n$client = Authen::SCRAM::Client->new(\nusername => 'johndoe',\npassword => 'trustno1',\n);\n\ntry {\n$clientfirst = $client->firstmsg();\n\n# send to server and get server-first-message\n\n$clientfinal = $client->finalmsg( $serverfirst );\n\n# send to server and get server-final-message\n\n$client->validate( $serverfinal );\n}\ncatch {\ndie \"Authentication failed!\"\n};\n",
            "subsections": []
        },
        "DESCRIPTION": {
            "content": "This module implements the client-side SCRAM algorithm.\n",
            "subsections": []
        },
        "ATTRIBUTES": {
            "content": "username (required)\nAuthentication identity. This will be normalized with the SASLprep algorithm before being\ntransmitted to the server.\n\npassword (required)\nAuthentication password. This will be normalized with the SASLprep algorithm before being\ntransmitted to the server.\n\nauthorizationid\nIf the authentication identity (\"username\") will act as a different, authorization identity,\nthis attribute provides the authorization identity. It is optional. If not provided, the\nauthentication identity is considered by the server to be the same as the authorization\nidentity.\n\nminimumiterationcount\nIf the server requests an iteration count less than this value, the client throws an error. This\nprotects against downgrade attacks. The default is 4096, consistent with recommendations in the\nRFC.\n\ndigest\nName of a digest function available via PBKDF2::Tiny. Valid values are SHA-1, SHA-224, SHA-256,\nSHA-384, or SHA-512. Defaults to SHA-1.\n\nnoncesize\nSize of the client-generated nonce, in bits. Defaults to 192. The server-nonce will be appended,\nso the final nonce size will be substantially larger.\n\nskipsaslprep\nA boolean that defaults to false. If set to true, usernames and passwords will not be normalized\nthrough SASLprep. This is a deviation from the RFC5802 spec and is not recommended.\n",
            "subsections": []
        },
        "METHODS": {
            "content": "firstmsg\n$clientfirstmsg = $client->firstmsg();\n\nThis takes no arguments and returns the \"client-first-message\" character string to be sent to\nthe server to initiate a SCRAM session. Calling this again will reset the internal state and\ninitiate a new session. This will throw an exception should an error occur.\n\nfinalmsg\n$clientfinalmsg = $client->finalmsg( $serverfirstmsg );\n\nThis takes the \"server-first-message\" character string received from the server and returns the\n\"client-final-message\" character string containing the authentication proof to be sent to the\nserver. This will throw an exception should an error occur.\n\nvalidate\n$client->validate( $serverfinalmsg );\n\nThis takes the \"server-final-message\" character string received from the server and verifies\nthat the server actually has a copy of the client credentials. It will return true if valid and\nthrow an exception, otherwise.\n\ncomputedkeys\nThis method returns the opaque keys used in the SCRAM protocol. It returns the 'stored key', the\n'client key' and the 'server key'. The server must have a copy of the stored key and server key\nfor a given user in order to authenticate.\n\nThis method caches the computed values -- it generates them fresh only if the supplied salt and\niteration count don't match the cached salt and iteration count.\n",
            "subsections": []
        },
        "CHARACTER ENCODING CAVEAT": {
            "content": "The SCRAM protocol mandates UTF-8 interchange. However, all methods in this module take and\nreturn character strings. You must encode to UTF-8 before sending and decode from UTF-8 on\nreceiving according to whatever transport mechanism you are using.\n\nThis is done to avoid double encoding/decoding problems if your transport is already doing UTF-8\nencoding or decoding as it constructs outgoing messages or parses incoming messages.\n",
            "subsections": []
        },
        "AUTHOR": {
            "content": "David Golden <dagolden@cpan.org>\n",
            "subsections": []
        },
        "COPYRIGHT AND LICENSE": {
            "content": "This software is Copyright (c) 2014 by David Golden.\n\nThis is free software, licensed under:\n\nThe Apache License, Version 2.0, January 2004\n",
            "subsections": []
        }
    },
    "summary": "Authen::SCRAM::Client - RFC 5802 SCRAM client",
    "flags": [],
    "examples": [],
    "see_also": []
}