{ "content": [ { "type": "text", "text": "# Authen::SCRAM::Server (perldoc)\n\n## NAME\n\nAuthen::SCRAM::Server - RFC 5802 SCRAM Server\n\n## SYNOPSIS\n\nuse Authen::SCRAM::Server;\nuse Try::Tiny;\n$server = Authen::SCRAM::Server->new(\ncredentialcb => \\&getcredentials,\n);\n$username = try {\n# get client-first-message\n$serverfirst = $server->firstmsg( $clientfirst );\n# send to client and get client-final-message\n$serverfinal = $server->finalmsg( $clientfinal );\n# send to client\nreturn $server->authorizationid; # returns valid username\n}\ncatch {\ndie \"Authentication failed!\"\n};\n\n## DESCRIPTION\n\nThis module implements the server-side SCRAM algorithm.\n\n## Sections\n\n- **NAME**\n- **VERSION**\n- **SYNOPSIS**\n- **DESCRIPTION**\n- **ATTRIBUTES**\n- **METHODS**\n- **CHARACTER ENCODING CAVEAT**\n- **AUTHOR**\n- **COPYRIGHT AND LICENSE**\n\nUse structuredContent.sections for detailed options, examples, and full documentation.\n" } ], "structuredContent": { "command": "Authen::SCRAM::Server", "section": "", "mode": "perldoc", "summary": "Authen::SCRAM::Server - RFC 5802 SCRAM Server", "synopsis": "use Authen::SCRAM::Server;\nuse Try::Tiny;\n$server = Authen::SCRAM::Server->new(\ncredentialcb => \\&getcredentials,\n);\n$username = try {\n# get client-first-message\n$serverfirst = $server->firstmsg( $clientfirst );\n# send to client and get client-final-message\n$serverfinal = $server->finalmsg( $clientfinal );\n# send to client\nreturn $server->authorizationid; # returns valid username\n}\ncatch {\ndie \"Authentication failed!\"\n};", "tldr_summary": null, "tldr_examples": [], "tldr_source": null, "flags": [], "examples": [], "see_also": [], "section_outline": [ { "name": "NAME", "lines": 2, "subsections": [] }, { "name": "VERSION", "lines": 2, "subsections": [] }, { "name": "SYNOPSIS", "lines": 24, "subsections": [] }, { "name": "DESCRIPTION", "lines": 2, "subsections": [] }, { "name": "ATTRIBUTES", "lines": 39, "subsections": [] }, { "name": "METHODS", "lines": 27, "subsections": [] }, { "name": "CHARACTER ENCODING CAVEAT", "lines": 7, "subsections": [] }, { "name": "AUTHOR", "lines": 2, "subsections": [] }, { "name": "COPYRIGHT AND LICENSE", "lines": 6, "subsections": [] } ], "sections": { "NAME": { "content": "Authen::SCRAM::Server - RFC 5802 SCRAM Server\n", "subsections": [] }, "VERSION": { "content": "version 0.011\n", "subsections": [] }, "SYNOPSIS": { "content": "use Authen::SCRAM::Server;\nuse Try::Tiny;\n\n$server = Authen::SCRAM::Server->new(\ncredentialcb => \\&getcredentials,\n);\n\n$username = try {\n# get client-first-message\n\n$serverfirst = $server->firstmsg( $clientfirst );\n\n# send to client and get client-final-message\n\n$serverfinal = $server->finalmsg( $clientfinal );\n\n# send to client\n\nreturn $server->authorizationid; # returns valid username\n}\ncatch {\ndie \"Authentication failed!\"\n};\n", "subsections": [] }, "DESCRIPTION": { "content": "This module implements the server-side SCRAM algorithm.\n", "subsections": [] }, "ATTRIBUTES": { "content": "credentialcb (required)\nThis attribute must contain a code reference that takes a username (as a character string\nnormalized by SASLprep) and returns the four user-credential parameters required by SCRAM:\n\"salt\", \"StoredKey\", \"ServerKey\", and \"iteration count\". The \"salt\", \"StoredKey\" and \"ServerKey\"\nmust be provided as octets (i.e. NOT base64 encoded).\n\nIf the username is unknown, it should return an empty list.\n\n($salt, $storedkey, $serverkey, $iterations) =\n$server->credentialcb->( $username );\n\nSee RFC 5802: SCRAM Algorithm Overview for\ndetails.\n\nauthproxycb\nIf provided, this attribute must contain a code reference that takes an authentication username\nand a authorization username (both as character strings), and return a true value if the\nauthentication username is permitted to act as the authorization username:\n\n$bool = $server->authproxycb->(\n$authenticationuser, $authorizationuser\n);\n\nIt will only be all called if the authentication username has successfully authenticated. Both\nusernames will have been normalized via \"SASLprep\" with any transport encoding removed before\nbeing passed to this function.\n\ndigest\nName of a digest function available via PBKDF2::Tiny. Valid values are SHA-1, SHA-224, SHA-256,\nSHA-384, or SHA-512. Defaults to SHA-1.\n\nnoncesize\nSize of the client-generated nonce, in bits. Defaults to 192. The server-nonce will be appended,\nso the final nonce size will be substantially larger.\n\nskipsaslprep\nA boolean that defaults to false. If set to true, usernames and passwords will not be normalized\nthrough SASLprep. This is a deviation from the RFC5802 spec and is not recommended.\n", "subsections": [] }, "METHODS": { "content": "firstmsg\n$serverfirstmsg = $server->firstmsg( $clientfirstmsg );\n\nThis takes the \"client-first-message\" received from the client and returns the\n\"server-first-message\" string to be sent to the client to continue a SCRAM session. Calling this\nagain will reset the internal state and initiate a new session. This will throw an exception\nshould an error occur.\n\nfinalmsg\n$serverfinalmsg = $server->finalmsg( $clientfinalmsg );\n\nThis takes the \"client-final-message\" received from the client and returns the\n\"server-final-message\" string containing the verification signature to be sent to the client.\n\nIf an authorization identity was provided by the client, it will confirm that the authenticating\nusername is authorized to act as the authorization id using the \"authproxycb\" attribute.\n\nIf the client credentials do not match or the authentication name is not authorized to act as\nthe authorization name, then an exception will be thrown.\n\nauthorizationid\n$username = $client->authorizationid();\n\nThis takes no arguments and returns the authorization identity resulting from the SCRAM\nexchange. This is the client-supplied authorization identity (if one was provided and validated)\nor else the successfully authenticated identity.\n", "subsections": [] }, "CHARACTER ENCODING CAVEAT": { "content": "The SCRAM protocol mandates UTF-8 interchange. However, all methods in this module take and\nreturn character strings. You must encode to UTF-8 before sending and decode from UTF-8 on\nreceiving according to whatever transport mechanism you are using.\n\nThis is done to avoid double encoding/decoding problems if your transport is already doing UTF-8\nencoding or decoding as it constructs outgoing messages or parses incoming messages.\n", "subsections": [] }, "AUTHOR": { "content": "David Golden \n", "subsections": [] }, "COPYRIGHT AND LICENSE": { "content": "This software is Copyright (c) 2014 by David Golden.\n\nThis is free software, licensed under:\n\nThe Apache License, Version 2.0, January 2004\n", "subsections": [] } } } }