Codebase list libauthen-bitcard-perl / HEAD
HEAD

Tree @HEAD (Download .tar.gz) 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
NAME
    Authen::Bitcard - Bitcard authentication verification

SYNOPSIS
        use CGI;
        use Authen::Bitcard;
        my $q = CGI->new;
        my $bc = Authen::Bitcard->new;
        $bc->token('bitcard-token');
        # send user to $bc->login_url(r => $return_url);
        # when the user comes back, get the user id with:
        my $user = $bc->verify($q) or die $bc->errstr;

DESCRIPTION
    *Authen::Bitcard* is an implementation of verification for signatures
    generated by Bitcard authentication. For information on the Bitcard
    protocol and using Bitcard in other applications, see
    *http://www.bitcard.org/api*.

    The module and the protocol are heavily based on *Authen::Typekey*. (In
    fact, the Bitcard authentication server also supports the TypeKey API!)

USAGE
  Authen::Bitcard->new
    Create a new *Authen::Bitcard* object.

  $bc->token([ $bitcard_token ])
    Your Bitcard token, which you passed to Bitcard when creating the
    original sign-in link.

    This must be set before calling *verify* or *login_url* (etc).

  $bc->bitcard_url( [ $url ])
    Get/set the base URL for the Bitcard service. The default URL is
    *https://www.bitcard.org/*. The other *_url methods are build based on
    the "bitcard_url" value.

  $bc->login_url( r => $return_url )
    Returns the URL for the user to login. Takes a hash or hash ref with
    extra parameters to put in the URL. One of them must be the "r"
    parameter with the URL the user will get returned to after logging in
    (or canceling the login).

  $bc->logout_url( r => $return_url )
    Returns the URL you can send the user if they wish to logout. Also needs
    the "r" parameter for the URL the Bitcard server should send the user
    back to after logging out.

  $bc->account_url( r => $return_url )
    Returns the URL the user can edit his Bitcard account information at.
    Also needs the "r" parameter like "login_url" and "logout_url".

  $bc->register_url( r => $return_url )
    Returns the URL for a user to register a new Bitcard account. Also needs
    the "r" parameter as above.

  $bc->key_url()
    Get the URL from which the Bitcard public key can be obtained.

  $bc->info_required(  $string | [ array ref ] )
    With info_required you specify what user data you require. The possible
    fields are "username", "name" and "email" (see "verify" for more
    information).

    The method takes either a comma separated string or a reference to an
    array.

    This must be called before "login_url".

    NOTE: "name" is currently not implemented well in the Bitcard server, so
    we recommend you require "username", but mark "name" as optional if you
    want the "display name" of the user returned.

  $bc->info_optional( $string | [ array ref ] )
    As "info_required" except the Bitcard server will ask the user to allow
    the information to be forwarded, but not require it to proceed.

    The Bitcard server will always have a confirmed email address on file
    before letting a user login.

  $bc->verify($query)
    Verify a Bitcard signature based on the other parameters given. The
    signature and other parameters are found in the *$query* object, which
    should be either a hash reference, or any object that supports a *param*
    method--for example, a *CGI* or *Apache::Request* object.

    If the signature is successfully verified, *verify* returns a reference
    to a hash containing the following values.

    *   id

        The unique user id of the Bitcard user on your site. It's a 128bit
        number as a 40 byte hex value.

        The id is always returned when the verification was successful (all
        other user data fields are optional, see "info_required" and
        "info_optional").

    *   username

        The unique username of the Bitcard user.

    *   name

        The user's display name.

    *   email

        The user's email address.

    *   ts

        The timestamp at which the signature was generated, expressed as
        seconds since the epoch.

    If verification is unsuccessful, *verify* will return "undef", and the
    error message can be found in "$bc->errstr".

  $bc->key_cache([ $cache ])
    Provide a caching mechanism for the public key.

    If *$cache* is a CODE reference, it is treated as a callback that should
    return the public key. The callback will be passed two arguments: the
    *Authen::TypeKey* object, and the URI of the key. It should return a
    hash reference with the *p*, *g*, *q*, and *pub_key* keys set to
    *Math::BigInt* objects representing the pieces of the DSA public key.

    Otherwise, *$cache* should be the path to a local file where the public
    key will be cached/mirrored.

    If *$cache* is not set, the key is not cached. By default, no caching
    occurs.

  $bc->skip_expiry_check([ $boolean ])
    Get/set a value indicating whether *verify* should check the expiration
    date and time in the TypeKey parameters. The default is to check the
    expiration date and time.

  $bc->expires([ $secs ])
    Get/set the amount of time at which a Bitcard signature is intended to
    expire. The default value is 600 seconds, i.e. 10 minutes.

  $bc->ua([ $user_agent ])
    Get/set the LWP::UserAgent-like object which will be used to retrieve
    the regkeys from the network. Needs to support *mirror* and *get*
    methods. By default, LWP::UserAgent is used, and this method as a getter
    returns "undef" unless the user agent has been previously set.

  $bc->version([ $version ])
    Get/set the version of the Bitcard protocol to use. The default version
    is 3.

  $bc->api_secret( $secret )
    Get/set the api_secret (needed for some API calls, add_invite for
    example).

  $bc->add_invite
    Returns a hashref with "invite_url" and "invite_key". Can be used for
    "invitation only" sites where you have to login before you can access
    the site.

LICENSE
    *Authen::Bitcard* is distributed under the Apache License; see the
    LICENSE file in the distribution for details.

AUTHOR & COPYRIGHT
    Except where otherwise noted, *Authen::Bitcard* is Copyright 2004-2010
    Develooper LLC, ask@develooper.com.

    Parts are Copyright 2004 Six Apart Ltd, cpan@sixapart.com.

    All rights reserved.

Commit History @HEAD