3 # This file is part of Koha.
5 # Koha is free software; you can redistribute it and/or modify it under the
6 # terms of the GNU General Public License as published by the Free Software
7 # Foundation; either version 3 of the License, or (at your option) any later
10 # Koha is distributed in the hope that it will be useful, but WITHOUT ANY
11 # WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
12 # A PARTICULAR PURPOSE. See the GNU General Public License for more details.
14 # You should have received a copy of the GNU General Public License along
15 # with Koha; if not, write to the Free Software Foundation, Inc.,
16 # 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
20 use Koha::OAuthAccessTokens;
24 Koha::OAuth - Koha library for OAuth2 callbacks
32 my $config = Koha::OAuth->config;
34 Returns a hashref containing the callbacks Net::OAuth2::AuthorizationServer requires
# Each key is a callback name handed to Net::OAuth2::AuthorizationServer; each
# value is a reference to the private sub of this module that implements it.
40 verify_client_cb => \&_verify_client_cb,
41 store_access_token_cb => \&_store_access_token_cb,
42 verify_access_token_cb => \&_verify_access_token_cb
46 =head3 _verify_client_cb
48 A callback to verify if the client asking for authorization is known to the authorization server
49 and allowed to get authorization.
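sub _verify_client_cb {
    # Checks the client_id / client_secret pair presented by a client against
    # the api_client entries of the Koha configuration.
    #
    # Returns (0, 'unauthorized_client') when no client_id is given or no
    # configured client has that id, (0, 'access_denied') when the secret does
    # not match, and (1, undef, []) on success (the empty arrayref is
    # presumably the list of granted scopes - confirm against the library).
    #
    # NOTE(review): the argument-unpacking line is not shown in this listing;
    # it is assumed to be the usual named-argument form below - confirm.
    my (%args) = @_;

    my ($client_id, $client_secret)
        = @args{ qw/ client_id client_secret / };

    return (0, 'unauthorized_client') unless $client_id;

    # api_client can be a single entry or a list; normalise to an arrayref.
    my $clients = C4::Context->config('api_client');
    $clients = [ $clients ] unless ref $clients eq 'ARRAY';

    # Only hashref entries that actually carry a client_id can match, so an
    # absent or malformed api_client section never yields a client.
    my ($client) = grep {
        ref $_ eq 'HASH'
            && defined $_->{client_id}
            && $_->{client_id} eq $client_id
    } @$clients;
    return (0, 'unauthorized_client') unless $client;

    # Fail closed when either side has no usable secret. Without this, a
    # configured client that lacks a client_secret compares equal to a request
    # that omits one, because undef stringifies to '' on both sides of `eq`.
    my $expected_secret = $client->{client_secret};
    my $secrets_usable
        = defined $client_secret
        && !ref $client_secret
        && defined $expected_secret
        && !ref $expected_secret
        && length $expected_secret;
    return (0, 'access_denied') unless $secrets_usable;

    # NOTE(review): `eq` stops at the first differing byte and the secret is
    # held in plaintext in the configuration; consider a constant-time
    # comparison and storing only a salted hash of the secret.
    return (0, 'access_denied') unless $client_secret eq $expected_secret;

    return (1, undef, []);
}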
71 =head3 _store_access_token_cb
73 A callback to store the generated access tokens.
77 sub _store_access_token_cb {
# Builds a Koha::OAuthAccessToken record from the client_id, access_token and
# expires_in named arguments.
# NOTE(review): the line that fills %args and everything after the constructor
# arguments are not visible here; presumably the record is then persisted -
# confirm against the full file.
80 my ( $client_id, $access_token, $expires_in )
81 = @args{ qw/ client_id access_token expires_in / };
83 my $at = Koha::OAuthAccessToken->new({
# NOTE(review): the bearer token is handed to the record verbatim. If the
# backing table keeps it as-is, read access to that table exposes usable
# tokens; consider storing only a digest and looking tokens up by digest.
84 access_token => $access_token,
# Absolute expiry: the current time (epoch seconds) plus expires_in.
# NOTE(review): assumes expires_in is a defined, positive number of seconds -
# TODO confirm the caller guarantees this.
85 expires => time + $expires_in,
86 client_id => $client_id,
93 =head3 _verify_access_token_cb
95 A callback to verify the access token.
99 sub _verify_access_token_cb {
# Looks up the stored record for the presented access_token and decides
# whether it is still usable: an expired token yields (0, 'invalid_grant'),
# a live one yields the record's unblessed form, and the final statement
# returns (0, 'invalid_grant') as the fallback.
102 my $access_token = $args{access_token};
# The token value itself is the lookup key passed to find().
104 my $at = Koha::OAuthAccessTokens->find($access_token);
# NOTE(review): lines between the lookup and this check are not shown here.
# Confirm $at is tested before ->expires is called; an unknown token
# presumably makes find() return nothing, and the call would then die
# instead of answering invalid_grant.
# `<=` treats the token as expired from the exact expiry second onwards.
106 if ( $at->expires <= time ) {
107 # need to revoke the access token
# NOTE(review): the revoking statement itself is not visible here; confirm the
# expired record is actually removed so it cannot linger in the store.
110 return (0, 'invalid_grant')
# Live token: return the record's unblessed form rather than the object.
113 return $at->unblessed;
# Fallback, presumably reached when no record matched the token.
116 return (0, 'invalid_grant')