OAuth

From Dreamwidth Notes
Jump to: navigation, search

Dreamwidth has basic support for OAuth 1.0a authentication. It's not configured by default, and as of right now the only page that allows for OAuth access is the OAuth test page. But there are plans in the future to use it for the new REST-based API.

First, install and configure Memcache . Dreamwidth's OAuth support uses Memcache for its storage of temporary authentication keys.

Next, run bin/upgrading/gen-secrets.pl

$ cd $LJHOME
$ bin/upgrading/gen-secrets.pl

This will output a set of configuration lines. Paste those changes into the bottom of your ext/local/etc/config-private.pl file.

Restart your Dreamwidth server to pick up those changes.

Now we're ready to register your consumer. Go to http://www.your-dw-site.com/admin/oauth and create a new consumer. You can call it whatever you want.

Once we have a consumer registered we can actually get an access token for your user.

Token authorization is most easily done in a web context. Here is a sample web application which grants access to an OAuth token. It uses Dancer, so you'll need to install it first.

$ sudo apt install libdancer-perl

And the app itself. Copy and paste it into a file called dancerauth.pl

 # dancerauth.pl
 # Web Server Example (Dancer / Dreamwidth OAuth)
 
 # This example is modified from the version in the documentation for Net::OAuth
 
 use Dancer;
 use Net::OAuth::Client;
 
 set session => 'YAML';
 
 sub client {
   Net::OAuth::Client->new(
       "yourtoken", #token
       "yoursecret", #secret
       site => 'http://www.your-dw-site.com/', #hostname
       request_token_path => '/oauth/request_token',
       authorize_path => '/oauth/authorize',
       access_token_path => '/oauth/access_token',
       callback => "http://localhost:3000/auth/dw/callback",
       session => \&session,
       );
 }
 
 get '/' => sub {
   return '<a href="http://localhost:3000/auth/dw">auth</a>';
 };
 
 # Send user to authorize with service provider
 get '/auth/dw' => sub {
   redirect client->authorize_url;
 };
 
 # User has returned with token and verifier appended to the URL.
 get '/auth/dw/callback' => sub {
   my $access_token =  client->get_access_token(params->{oauth_token}, params->{oauth_verifier});
 
   my $response = $access_token->get('/oauth/test');
   
   info "token=" . $access_token->token . " token_secret=" . $access_token->token_secret . " \n";
   if ($response->is_success) {
       return "Yay, it worked!<br>token: " . $access_token->token . 
              "<br>token_secret: " .  $access_token->token_secret . 
              "<br><a href='http://localhost:3000/'>Try again</a> <br> " . 
              "<a href='http://localhost:3000/auth/tokentest'>Test token</a><br>" . 
              $response->decoded_content;
   }
   else {
       return "Error: " . $response->status_line;
   }
 };
 
 # tests using the token/secret
 get '/auth/tokentest' => sub {    
   # Use the auth code to fetch the access token
   my $access_token =  Net::OAuth::AccessToken->new(
       client => client,
       token => "accesstokenfromcallback", #your access token
       token_secret => "accesssecretfromcallback", #your access secret
       );
 
   my $response = $access_token->get('/oauth/test');
 
   if ($response->is_success) {
       return $response->decoded_content;
   }
   else {
       return "Error: " . $response->status_line;
   }
 };
 
 set logger => 'console';
 set show_errors => 1;
 dance;


Modify the first 'sub client' section to use your hostname and your registered consumer's token and secret.

Run the example

 $ perl dancerauth.pl

In your browser, if you haven't already logged into your site, do so. Then browse to http://localhost:3000/ (dancer runs on port 3000 by default).

Click on the 'auth' link. You should be redirected to a page on your DW site asking you to grant your newly registered program access to your account. Click accept, and you should be redirected to a success page

 Yay, it worked!
 token: (your new access token)
 token_secret: (your access token's secret)
 Try again
 Test token
 {"ok":1,"username":"yourusername","userid":"yourid"}

Now you should have a token which will give OAuth access to your account. To test it, stop your dancer server and edit the /auth/tokentest section. Add the token and token_secret you got from your previous request in the appropriate places. Restart your dancer server, and go to http://localhost:3000/auth/tokentest (or just click on the 'Test token' link from your previous request). It should also return a success page.