1 package Koha::REST::V1::OAuth;
5 use Mojo::Base 'Mojolicious::Controller';
7 use Net::OAuth2::AuthorizationServer;
# OAuth2 token issuance for the client_credentials grant.
# This listing omits some source lines (the enclosing sub header, closing
# braces, and the conditions guarding the early returns are not shown), so the
# comments below describe only what the visible statements do.
# Visible flow: validate input -> check grant type and system preference ->
# verify the client -> create a token -> store it -> render a Bearer response.

# Stop here when OpenAPI input validation does not yield a controller object.
13 my $c = shift->openapi->valid_input or return;
15 my $grant_type = $c->validation->param('grant_type');
# Allowlist check: only the exact string 'client_credentials' is accepted, and
# only while the RESTOAuth2ClientCredentials preference is true. Anything else
# is answered with HTTP 400.
# NOTE(review): RFC 6749 section 5.2 defines the error code
# 'unsupported_grant_type' for this case; the body here is free text.
16 unless ( $grant_type eq 'client_credentials' and C4::Context->preference('RESTOAuth2ClientCredentials') ) {
17 return $c->render(status => 400, openapi => {error => 'Unimplemented grant type'});
# Client credentials come from the validated request parameters.
# NOTE(review): client_secret is a credential; confirm it never reaches
# request or debug logs. How the parameters are transported (form body or
# query string) is not visible in this listing.
20 my $client_id = $c->validation->param('client_id');
21 my $client_secret = $c->validation->param('client_secret');
# The grant constructor name is derived from the request value. This dynamic
# method call is safe only because the exact-match check above pins $cb to
# 'client_credentials_grant'. If further grant types are ever accepted, keep
# them on an explicit allowlist so request input cannot select an arbitrary
# method on the server object.
23 my $cb = "${grant_type}_grant";
24 my $server = Net::OAuth2::AuthorizationServer->new;
# Koha::OAuth::config is defined elsewhere; presumably it supplies the
# callbacks behind verify_client and store_access_token -- confirm there.
25 my $grant = $server->$cb(Koha::OAuth::config);
27 # verify a client against known clients
# verify_client returns a validity flag and an error value.
# NOTE(review): how the secret is compared (constant-time, hashed at rest) is
# decided in that callback, not here.
28 my ( $is_valid, $error ) = $grant->verify_client(
29 client_id => $client_id,
30 client_secret => $client_secret,
# The error value from verify_client is passed to the caller verbatim with
# HTTP 403; the condition guarding this return is on lines the listing omits.
# NOTE(review): confirm $error is a generic code that does not reveal whether
# the client_id or the secret was the part that failed.
34 return $c->render(status => 403, openapi => {error => $error});
# Create the access token for the verified client. How the token value is
# generated depends on the grant object and its configuration (not shown).
38 my $token = $grant->token(
39 client_id => $client_id,
# Token lifetime in seconds, fixed at one hour. The same value is stored with
# the token and reported to the client, so both sides agree on expiry.
44 my $expires_in = 3600;
# Persist the token so later requests can be checked against it.
# NOTE(review): whether the token is stored hashed or in clear depends on the
# storage callback -- confirm.
45 $grant->store_access_token(
46 client_id => $client_id,
47 access_token => $token,
48 expires_in => $expires_in,
# Response fields: the token, its type and its lifetime.
# NOTE(review): RFC 6749 section 5.1 requires token responses to carry
# 'Cache-Control: no-store' and 'Pragma: no-cache'. No header is set on the
# visible lines; confirm it is done elsewhere.
52 access_token => $token,
53 token_type => 'Bearer',
54 expires_in => $expires_in,
57 return $c->render(status => 200, openapi => $response);