• NAME
• DESCRIPTION
• SYNOPSIS
• ATTRIBUTES
  • AuthURL
  • RedirectURI
  • Tenant
  • ClientID
  • ClientSecret
  • Scope
• METHODS
  • AccessToken
  • Verify()
  • CanRefresh
  • Refresh
  • ToBearer
  • ToXOAuth
  • AuthURL
• PRIVATE ATTRIBUTES
• PRIVATE METHODS

NAME

Kernel::System::Credential::OAuth2 - OAuth2 Credential

DESCRIPTION

This class takes care about handling OAuth2 web tokens.

SYNOPSIS

    my $OAuth2 = Kernel::System::Credential::OAuth2->new(
        ID           => 123,                    # optional, the database identifier
        Name         => 'MyCredentialEntry',    # required, the name of the credential entry
        ValidID      => 1,                      # required, the valid identifier
        CreateTime   => '2021-09-09 08:00:00',  # optional, timestamp of the create time (now if not provided)
        CreateBy     => 123,                    # optional, UserID of the creator (1 if not given)
        ChangeTime   => '2021-09-09 08:00:00',  # optional, timestamp of the last change time (now if not provided)
        ChangeBy     => 123,                    # optional, UserID of the last modifier (1 if not given)
        Config       => {
            AuthURL      => 'https://auth.resourceowner.com/auth',  # optional, the URL to start the auth process
            RedirectURL  => 'https://mydomain.com/oauth-callback',  # optional, the redirect URL after the auth process.
            Tenant       => 'abc123',                               # optional, the tenant for the service provider.
            ClientID     => 'superuser',                            # optional, the client id of the resource owner.
            ClientSecret => 'topsecret',                            # optional, the client secret of the resource owner.
            Scope        => 'the_whole_world',                      # optional, the scope of the permission grant.
        },
    );

    # redirect the consumer to start an authorization process with maybe a needed consent.
    $Controller->redirect_to( $OAuth2->AuthURL() );

    # Get or refresh access token / refresh token from resource owner.
    $OAuth2->Refresh( Code => $AuthorizationCodeFromResourceOwner );

ATTRIBUTES

AuthURL

The authentication URL, that is used to start the authentication process.

RedirectURI

The address the resource owner redirects to, after successful consent and/or authentication.

Tenant

The tenant to be used for authentication.

ClientID

The client id to be used for authentication.

ClientSecret

The client secret to be used for authentication.

Scope

The scope to request permissions for (multiple scores are separated by spaces).

METHODS

AccessToken

The access token, that is used for authentication.

Verify()

Verifies if the related access token is present, valid and in a usable state.

my $State = $AuthCredential->Verify();

Returns

    {
        State        => 'OK'                    # String representation of the state
        UpdateNeeded => 0,                      # Indicator for a needed token update
        ValidUntil   => '2021-09-01 18:15:35',
    }

CanRefresh

Checks if the access token can be refreshed.

Refresh

Performs needed operations to refresh the access token data.

ToBearer

Returns the bearer format of the token.

ToXOAuth

Returns an XOAuth2 compliant authentication signature.

AuthURL

Returns or sets the authorization url.

PRIVATE ATTRIBUTES

PRIVATE METHODS