{ "mode": "perldoc", "parameter": "Net::OAuth", "section": "", "url": "https://www.chedong.com/phpMan.php/perldoc/Net%3A%3AOAuth/json", "generated": "2026-06-09T13:13:04Z", "synopsis": "# Web Server Example (Dancer)\n# This example is simplified for illustrative purposes, see the complete code in /demo\n# Note that clientid is the Consumer Key and clientsecret is the Consumer Secret\nuse Dancer;\nuse Net::OAuth::Client;\nsub client {\nNet::OAuth::Client->new(\nconfig->{clientid},\nconfig->{clientsecret},\nsite => 'https://www.google.com/',\nrequesttokenpath => '/accounts/OAuthGetRequestToken?scope=https%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F',\nauthorizepath => '/accounts/OAuthAuthorizeToken',\naccesstokenpath => '/accounts/OAuthGetAccessToken',\ncallback => urifor(\"/auth/google/callback\"),\nsession => \\&session,\n);\n}\n# Send user to authorize with service provider\nget '/auth/google' => sub {\nredirect client->authorizeurl;\n};\n# User has returned with token and verifier appended to the URL.\nget '/auth/google/callback' => sub {\n# Use the auth code to fetch the access token\nmy $accesstoken = client->getaccesstoken(params->{oauthtoken}, params->{oauthverifier});\n# Use the access token to fetch a protected resource\nmy $response = $accesstoken->get('/m8/feeds/contacts/default/full');\n# Do something with said resource...\nif ($response->issuccess) {\nreturn \"Yay, it worked: \" . $response->decodedcontent;\n}\nelse {\nreturn \"Error: \" . $response->statusline;\n}\n};\ndance;", "sections": { "NAME": { "content": "Net::OAuth - OAuth 1.0 for Perl\n", "subsections": [] }, "SYNOPSIS": { "content": "# Web Server Example (Dancer)\n\n# This example is simplified for illustrative purposes, see the complete code in /demo\n\n# Note that clientid is the Consumer Key and clientsecret is the Consumer Secret\n\nuse Dancer;\nuse Net::OAuth::Client;\n\nsub client {\nNet::OAuth::Client->new(\nconfig->{clientid},\nconfig->{clientsecret},\nsite => 'https://www.google.com/',\nrequesttokenpath => '/accounts/OAuthGetRequestToken?scope=https%3A%2F%2Fwww.google.com%2Fm8%2Ffeeds%2F',\nauthorizepath => '/accounts/OAuthAuthorizeToken',\naccesstokenpath => '/accounts/OAuthGetAccessToken',\ncallback => urifor(\"/auth/google/callback\"),\nsession => \\&session,\n);\n}\n\n# Send user to authorize with service provider\nget '/auth/google' => sub {\nredirect client->authorizeurl;\n};\n\n# User has returned with token and verifier appended to the URL.\nget '/auth/google/callback' => sub {\n\n# Use the auth code to fetch the access token\nmy $accesstoken = client->getaccesstoken(params->{oauthtoken}, params->{oauthverifier});\n\n# Use the access token to fetch a protected resource\nmy $response = $accesstoken->get('/m8/feeds/contacts/default/full');\n\n# Do something with said resource...\n\nif ($response->issuccess) {\nreturn \"Yay, it worked: \" . $response->decodedcontent;\n}\nelse {\nreturn \"Error: \" . $response->statusline;\n}\n};\n\ndance;\n", "subsections": [] }, "IMPORTANT": { "content": "Net::OAuth provides a low-level API for reading and writing OAuth messages.\n\nYou probably should start with Net::OAuth::Client.\n", "subsections": [] }, "ABSTRACT": { "content": "OAuth is\n\n\"An open protocol to allow secure API authentication in a simple and standard method from\ndesktop and web applications.\"\n\nIn practical terms, OAuth is a mechanism for a Consumer to request protected resources from a\nService Provider on behalf of a user.\n\nPlease refer to the OAuth spec: \n\nNet::OAuth provides:\n\n* classes that encapsulate OAuth messages (requests and responses).\n\n* message signing\n\n* message serialization and parsing.\n\n* 2-legged requests (aka. tokenless requests, aka. consumer requests), see \"CONSUMER REQUESTS\"\n\nNet::OAuth does not provide:\n\n* Consumer or Service Provider encapsulation\n\n* token/nonce/key storage/management\n", "subsections": [] }, "DESCRIPTION": { "content": "OAUTH MESSAGES\nAn OAuth message is a set of key-value pairs. The following message types are supported:\n\nRequests\n\n* Request Token (Net::OAuth::RequestTokenRequest)\n\n* Access Token (Net::OAuth::AccessTokenRequest)\n\n* User Authentication (Net::OAuth::UserAuthRequest)\n\n* Protected Resource (Net::OAuth::ProtectedResourceRequest)\n\n* Consumer Request (Net::OAuth::ConsumerRequest) (2-legged / token-less request)\n\nResponses\n\n* Request Token (Net::OAuth::RequestTokenResponse)\n\n* Access Token (Net::OAuth:AccessTokenResponse)\n\n* User Authentication (Net::OAuth::UserAuthResponse)\n\nEach OAuth message type has one or more required parameters, zero or more optional parameters,\nand most allow arbitrary parameters.\n\nAll OAuth requests must be signed by the Consumer. Responses from the Service Provider, however,\nare not signed.\n\nTo create a message, the easiest way is to use the factory methods (Net::OAuth->request,\nNet::OAuth->response, Net::OAuth->message). The following method invocations are all equivalent:\n\n$request = Net::OAuth->request('user authentication')->new(%params);\n$request = Net::OAuth->request('userauth')->new(%params);\n$request = Net::OAuth->request('UserAuth')->new(%params);\n$request = Net::OAuth->message('UserAuthRequest')->new(%params);\n\nThe more verbose way is to use the class directly:\n\nuse Net::OAuth::UserAuthRequest;\n$request = Net::OAuth::UserAuthRequest->new(%params);\n\nYou can also create a message by deserializing it from a Authorization header, URL, query hash,\nor POST body\n\n$request = Net::OAuth->request('protected resource')->fromauthorizationheader($ENV{HTTPAUTHORIZATION}, %apiparams);\n$request = Net::OAuth->request('protected resource')->fromurl($url, %apiparams);\n$request = Net::OAuth->request('protected resource')->fromhash({$q->Vars}, %apiparams); # CGI\n$request = Net::OAuth->request('protected resource')->fromhash($c->request->params, %apiparams); # Catalyst\n$response = Net::OAuth->response('request token')->frompostbody($responsecontent, %apiparams);\n\nNote that the deserialization methods (as opposed to new()) expect OAuth protocol parameters to\nbe prefixed with 'oauth', as you would expect in a valid OAuth message.\n\nBefore sending a request, the Consumer must first sign it:\n\n$request->sign;\n\nWhen receiving a request, the Service Provider should first verify the signature:\n\ndie \"Signature verification failed\" unless $request->verify;\n\nWhen sending a message the last step is to serialize it and send it to wherever it needs to go.\nThe following serialization methods are available:\n\n$response->topostbody # a application/x-www-form-urlencoded POST body\n\n$request->tourl # the query string of a URL\n\n$request->toauthorizationheader # the value of an HTTP Authorization header\n\n$request->tohash # a hash that could be used for some other serialization\n\nAPI PARAMETERS vs MESSAGE PARAMETERS\nNet::OAuth defines 'message parameters' as parameters that are part of the transmitted OAuth\nmessage. These include any protocol parameter (prefixed with 'oauth' in the message), and any\nadditional message parameters (the extraparams hash).\n\n'API parameters' are parameters required to build a message object that are not transmitted with\nthe message, e.g. consumersecret, tokensecret, requesturl, requestmethod.\n\nThere are various methods to inspect a message class to see what parameters are defined:\n\n$request->requiredmessageparams;\n$request->optionalmessageparams;\n$request->allmessageparams;\n$request->requiredapiparams;\n$request->optionalapiparams;\n$request->allapiparams;\n$request->allparams;\n\nE.g.\n\nuse Net::OAuth;\nuse Data::Dumper;\nprint Dumper(Net::OAuth->request(\"protected resource\")->requiredmessageparams);\n\n$VAR1 = [\n'consumerkey',\n'signaturemethod',\n'timestamp',\n'nonce',\n'token'\n];\n\nACCESSING PARAMETERS\nAll parameters can be get/set using accessor methods. E.g.\n\nmy $consumerkey = $request->consumerkey;\n$request->requestmethod('POST');\n\nTHE REQUESTURL PARAMETER\nAny query parameters in the requesturl are removed and added to the extraparams hash when\ngenerating the signature.\n\nE.g. the following requests are pretty much equivalent:\n\nmy $request = Net::OAuth->request('Request Token')->new(\n%params,\nrequesturl => 'https://photos.example.net/requesttoken',\nextraparams => {\nfoo => 'bar'\n},\n);\n\nmy $request = Net::OAuth->request('Request Token')->new(\n%params,\nrequesturl => 'https://photos.example.net/requesttoken?foo=bar',\n);\n\nCalling $request->requesturl will still return whatever you set it to originally. If you want\nto get the requesturl with the query parameters removed, you can do:\n\nmy $url = $request->normalizedrequesturl;\n\nSIGNATURE METHODS\nThe following signature methods are supported:\n\n* PLAINTEXT\n\n* HMAC-SHA1\n\n* HMAC-SHA256\n\n* RSA-SHA1\n\nThe signature method is determined by the value of the signaturemethod parameter that is passed\nto the message constructor.\n\nIf an unknown signature method is specified, the signing/verification will throw an exception.\n\nPLAINTEXT SIGNATURES\nThis method is a trivial signature which adds no security. Not recommended.\n\nHMAC-SHA1 SIGNATURES\nThis method is available if you have Digest::HMACSHA1 installed. This is by far the most\ncommonly used method.\n\nHMAC-SHA256 SIGNATURES\nThis method is available if you have Digest::SHA installed.\n\nRSA-SHA1 SIGNATURES\nTo use RSA-SHA1 signatures, pass in a Crypt::OpenSSL::RSA object (or any object that can do\n$o->sign($str) and/or $o->verify($str, $sig))\n\nE.g.\n\nConsumer:\n\nuse Crypt::OpenSSL::RSA;\nuse File::Slurp;\n$keystring = readfile('privatekey.pem');\n$privatekey = Crypt::OpenSSL::RSA->newprivatekey($keystring);\n$request = Net::OAuth->request('request token')->new(%params);\n$request->sign($privatekey);\n\nService Provider:\n\nuse Crypt::OpenSSL::RSA;\nuse File::Slurp;\n$keystring = readfile('publickey.pem');\n$publickey = Crypt::OpenSSL::RSA->newpublickey($keystring);\n$request = Net::OAuth->request('request token')->new(%params);\nif (!$request->verify($publickey)) {\ndie \"Signature verification failed\";\n}\n\nNote that you can pass the key in as a parameter called 'signaturekey' to the message\nconstructor, rather than passing it to the sign/verify method, if you like.\n\nCONSUMER REQUESTS\nTo send a request without including a token, use a Consumer Request:\n\nmy $request = Net::OAuth->request('consumer')->new(\nconsumerkey => 'dpf43f3p2l4k3l03',\nconsumersecret => 'kd94hf93k423kf44',\nrequesturl => 'http://provider.example.net/profile',\nrequestmethod => 'GET',\nsignaturemethod => 'HMAC-SHA1',\ntimestamp => '1191242096',\nnonce => 'kllo9940pd9333jh',\n);\n\n$request->sign;\n\nSee Net::OAuth::ConsumerRequest\n\nI18N\nPer the OAuth spec, when making the signature Net::OAuth first encodes parameters to UTF-8. This\nmeans that any parameters you pass to Net::OAuth, if they might be outside of ASCII character\nset, should be run through Encode::decode() (or an equivalent PerlIO layer) first to decode them\nto Perl's internal character structure.\n\nOAUTH 1.0A\nBackground:\n\n\n\n\n\nNet::OAuth defaults to OAuth 1.0 spec compliance, and supports OAuth 1.0 Rev A with an optional\nswitch:\n\nuse Net::OAuth\n$Net::OAuth::PROTOCOLVERSION = Net::OAuth::PROTOCOLVERSION10A;\n\nIt is recommended that any new projects use this switch if possible, and existing projects move\nto supporting this switch as soon as possible. Probably the easiest way for existing projects to\ndo this is to turn on the switch and run your test suite. The Net::OAuth constructor will throw\nan exception where the new protocol parameters (callback, callbackconfirmed, verifier) are\nmissing.\n\nInternally, the Net::OAuth::Message constructor checks $Net::OAuth::PROTOCOLVERSION and\nattempts to load the equivalent subclass in the Net::OAuth::V10A:: namespace. So if you\ninstantiate a Net::OAuth::RequestTokenRequest object, you will end up with a\nNet::OAuth::V10A::RequestTokenRequest (a subclass of Net::OAuth::RequestTokenRequest) if the\nprotocol version is set to PROTOCOLVERSION10A. You can also select a 1.0a subclass on a\nper-message basis by passing\n\nprotocolversion => Net::OAuth::PROTOCOLVERSION10A\n\nin the API parameters hash.\n\nIf you are not sure whether the entity you are communicating with is 1.0A compliant, you can try\ninstantiating a 1.0A message first and then fall back to 1.0 if that fails:\n\nuse Net::OAuth\n$Net::OAuth::PROTOCOLVERSION = Net::OAuth::PROTOCOLVERSION10A;\nmy $isoauth10 = 0;\nmy $response = eval{Net::OAuth->response('request token')->frompostbody($res->content)};\nif ($@) {\nif ($@ =~ /Missing required parameter 'callbackconfirmed'/) {\n# fall back to OAuth 1.0\n$response = Net::OAuth->response('request token')->frompostbody(\n$res->content,\nprotocolversion => Net::OAuth::PROTOCOLVERSION10\n);\n$isoauth10 = 1; # from now on treat the server as OAuth 1.0 compliant\n}\nelse {\ndie $@;\n}\n}\n\nAt some point in the future, Net::OAuth will default to Net::OAuth::PROTOCOLVERSION10A.\n", "subsections": [] }, "DEMO": { "content": "There is a demo Consumer CGI in this package, also available online at \n", "subsections": [] }, "SEE ALSO": { "content": "\n\nCheck out Net::OAuth::Simple - it has a simpler API that may be more to your liking\n\nCheck out Net::Twitter::OAuth for a Twitter-specific OAuth API\n\nCheck out WWW::Netflix::API for a Netflix-specific OAuth API\n", "subsections": [] }, "TODO": { "content": "* Support for repeating/multivalued parameters\n\n* Add convenience methods for SPs\n\nSomething like:\n\n# direct from CGI.pm object\n$request = Net::OAuth->request('Request Token')->fromcgiquery($cgi, %apiparams);\n\n# direct from Catalyst::Request object\n$request = Net::OAuth->request('Request Token')->fromcatalystrequest($c->req, %apiparams);\n\n# from Auth header and GET and POST params in one\nlocal $/;\nmy $postbody = ;\n$request = Net::OAuth->request('Request Token')->fromauthgetandpost(\n$ENV{HTTPAUTHORIZATION},\n$ENV{QUERYSTRING},\n$postbody,\n%apiparams\n);\n", "subsections": [] }, "AUTHOR": { "content": "Keith Grennan, \"\"\n\nCOPYRIGHT & LICENSE\nCopyright 2009 Keith Grennan, all rights reserved.\n\nThis program is free software; you can redistribute it and/or modify it under the same terms as\nPerl itself.\n", "subsections": [] } }, "summary": "Net::OAuth - OAuth 1.0 for Perl", "flags": [], "examples": [], "see_also": [] }