Provided by: libwww-oauth-perl_1.000-1_all bug


       WWW::OAuth - Portable OAuth 1.0 authentication


        use WWW::OAuth;

        my $oauth = WWW::OAuth->new(
          client_id => $client_id,
          client_secret => $client_secret,
          token => $token,
          token_secret => $token_secret,

        # Just retrieve authorization header
        my $auth_header = $oauth->authorization_header($http_request, { oauth_callback => $url });
        $http_request->header(Authorization => $auth_header);

        # HTTP::Tiny
        use HTTP::Tiny;
        my $res = $oauth->authenticate(Basic => { method => 'GET', url => $url })

        # HTTP::Request
        use HTTP::Request::Common;
        use LWP::UserAgent;
        my $res = $oauth->authenticate(GET $url)->request_with(LWP::UserAgent->new);

        # Mojo::Message::Request
        use Mojo::UserAgent;
        my $tx = $ua->build_tx(get => $url);
        $tx = $oauth->authenticate($tx->req)->request_with(Mojo::UserAgent->new);


       WWW::OAuth implements OAuth 1.0 request authentication according to RFC 5849
       <> (sometimes referred to as OAuth 1.0A). It does not
       implement the user agent requests needed for the complete OAuth 1.0 authorization flow; it
       only prepares and signs requests, leaving the rest up to your application. It can
       authenticate requests for LWP::UserAgent, Mojo::UserAgent, HTTP::Tiny, and can be extended
       to operate on other types of requests.

       Some user agents can be configured to automatically authenticate each request with a
       WWW::OAuth object.

        # LWP::UserAgent
        my $ua = LWP::UserAgent->new;
        $ua->add_handler(request_prepare => sub { $oauth->authenticate($_[0]) });

        # Mojo::UserAgent
        my $ua = Mojo::UserAgent->new;
        $ua->on(start => sub { $oauth->authenticate($_[1]->req) });


       The process of retrieving access tokens and token secrets for authorization on behalf of a
       user may differ among various APIs, but it follows this general format (error checking is
       left as an exercise to the reader):

        use WWW::OAuth;
        use WWW::OAuth::Util 'form_urldecode';
        use HTTP::Tiny;
        my $ua = HTTP::Tiny->new;
        my $oauth = WWW::OAuth->new(
          client_id => $client_id,
          client_secret => $client_secret,

        # Request token request
        my $res = $oauth->authenticate({ method => 'POST', url => $request_token_url },
          { oauth_callback => $callback_url })->request_with($ua);
        my %res_data = @{form_urldecode $res->{content}};
        my ($request_token, $request_secret) = @res_data{'oauth_token','oauth_token_secret'};

       Now, the returned request token must be used to construct a URL for the user to go to and
       authorize your application. The exact method differs by API. The user will usually be
       redirected to the $callback_url passed earlier after authorizing, with a verifier token
       that can be used to retrieve the access token and secret.

        # Access token request
        my $res = $oauth->authenticate({ method => 'POST', url => $access_token_url },
          { oauth_verifier => $verifier_token })->request_with($ua);
        my %res_data = @{form_urldecode $res->{content}};
        my ($access_token, $access_secret) = @res_data{'oauth_token','oauth_token_secret'};

       Finally, the access token and secret can now be stored and used to authorize your
       application on behalf of this user.



       WWW::OAuth implements the following attributes.

        my $client_id = $oauth->client_id;
        $oauth        = $oauth->client_id($client_id);

       Client ID used to identify application (sometimes called an API key or consumer key).
       Required for all requests.

        my $client_secret = $oauth->client_secret;
        $oauth            = $oauth->client_secret($client_secret);

       Client secret used to authenticate application (sometimes called an API secret or consumer
       secret). Required for all requests.

        my $token = $oauth->token;
        $oauth    = $oauth->token($token);

       Request or access token used to identify resource owner. Leave undefined for temporary
       credentials requests (request token requests).

        my $token_secret = $oauth->token_secret;
        $oauth           = $oauth->token_secret($token_secret);

       Request or access token secret used to authenticate on behalf of resource owner. Leave
       undefined for temporary credentials requests (request token requests).

        my $method = $oauth->signature_method;
        $oauth     = $oauth->signature_method($method);

       Signature method, can be "PLAINTEXT", "HMAC-SHA1", "RSA-SHA1", or a custom signature
       method. For "RSA-SHA1" or custom signature methods, a "signer" must be provided. Defaults
       to "HMAC-SHA1".

        my $signer = $oauth->signer;
        $oauth     = $oauth->signer(sub {
          my ($base_str, $client_secret, $token_secret) = @_;
          return $signature;

       Coderef which implements the "signature_method". A default signer is provided for
       signature methods "PLAINTEXT" and "HMAC-SHA1"; this attribute is required for other
       signature methods. For signature method "RSA-SHA1", this attribute may also be an object
       which has a "sign" method like Crypt::OpenSSL::RSA.

       The signer is passed the computed signature base string, the client secret, and (if
       present) the token secret, and must return the signature string.


       WWW::OAuth implements the following methods.

        $container = $oauth->authenticate($container, \%oauth_params);
        my $container = $oauth->authenticate($http_request, \%oauth_params);
        my $container = $oauth->authenticate(Basic => { method => 'GET', url => $url }, \%oauth_params);

       Wraps the HTTP request in a container with "oauth_request" in WWW::OAuth::Util, then sets
       the Authorization header using "authorization_header" to sign the request for OAuth 1.0.
       An optional hashref of OAuth parameters will be passed through to "authorization_header".
       Returns the container object.

        my $auth_header = $oauth->authorization_header($container, \%oauth_params);
        my $auth_header = $oauth->authorization_header($http_request, \%oauth_params);
        my $auth_header = $oauth->authorization_header(Basic => { method => 'GET', url => $url }, \%oauth_params);

       Forms an OAuth 1.0 signed Authorization header for the passed request. As in
       "authenticate", the request may be specified in any form accepted by "oauth_request" in
       WWW::OAuth::Util. OAuth protocol parameters (starting with "oauth_" or the special
       parameter "realm") may be optionally specified in a hashref and will override any
       generated protocol parameters of the same name (they should not be present in the request
       URL or body parameters). Returns the signed header value.


       Request containers provide a unified interface for "authenticate" to parse and update HTTP
       requests. They must perform the Role::Tiny role WWW::OAuth::Request. Custom container
       classes can be instantiated directly or via "oauth_request" in WWW::OAuth::Util.

       WWW::OAuth::Request::Basic contains the request attributes directly, for user agents such
       as HTTP::Tiny that do not use request objects.

       WWW::OAuth::Request::HTTP_Request wraps a HTTP::Request object, which is compatible with
       several user agents including LWP::UserAgent, HTTP::Thin, and Net::Async::HTTP.

       WWW::OAuth::Request::Mojo wraps a Mojo::Message::Request object, which is used by
       Mojo::UserAgent via Mojo::Transaction.


       Report any issues on the public bugtracker.


       Dan Book <>


       This software is Copyright (c) 2015 by Dan Book.

       This is free software, licensed under:

         The Artistic License 2.0 (GPL Compatible)


       Net::OAuth, Mojolicious::Plugin::OAuth2