GoogleIDToken::Validator - allows you to verify on server side Google Access Token received by mobile application
Version 0.01
Perl implamentation of Google Access Token verification. Details can be found on android developers blog: http://android-developers.blogspot.com/2013/01/verifying-back-end-calls-from-android.html
This module ONLY: 1. Verifies that this token signed by google certificates. 2. Verifies that this token was received by mobile application with given Client IDs and for given web application Client ID.
Nothing more. Nothing connected with authorization on any of Google APIs etc etc
Common use:
use GoogleIDToken::Validator;
my $validator = GoogleIDToken::Validator->new( #do_not_cache_certs => 1, # will download google certificates from web every call of verify #google_certs_url => 'https://some.domain.com/certs', # in case they change URL in the future... default is: https://www.googleapis.com/oauth2/v1/certs certs_cache_file => '/tmp/google.crt', # will cache certs in this file for faster verify if you are using CGI web_client_id => '111222333444.apps.googleusercontent.com', # Your Client ID for web applications received in Google APIs console app_client_ids => [ # Array of your Client ID for installed applications received in Google APIs console '777777777777-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com', # for exm. your production keystore ID '888888888888-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com' # and your eclipse debug keystore ID ] );
# web_client_id and at least one of app_client_ids are required
# get the token from your mobile app somehow... my $token = 'eyJhbG..............very.long.base64.encoded.access.token............';
my $payload = $validator->verify($token); if($payload) { # token is OK, lets see what we got use Data::Dumper; print "payload: ".Dumper($payload); }
Dmitry Mukhin, <admin at dimanoid.ru>
<admin at dimanoid.ru>
Please report any bugs or feature requests to bug-googleidtoken-validator at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=GoogleIDToken-Validator. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.
bug-googleidtoken-validator at rt.cpan.org
You can find documentation for this module with the perldoc command.
perldoc GoogleIDToken::Validator
You can also look for information at:
RT: CPAN's request tracker (report bugs here)
http://rt.cpan.org/NoAuth/Bugs.html?Dist=GoogleIDToken-Validator
AnnoCPAN: Annotated CPAN documentation
http://annocpan.org/dist/GoogleIDToken-Validator
CPAN Ratings
http://cpanratings.perl.org/d/GoogleIDToken-Validator
Search CPAN
http://search.cpan.org/dist/GoogleIDToken-Validator/
Copyright 2013 Dmitry Mukhin.
This program is free software; you can redistribute it and/or modify it under the terms of the the Artistic License (2.0). You may obtain a copy of the full license at:
http://www.perlfoundation.org/artistic_license_2_0
Any use, modification, and distribution of the Standard or Modified Versions is governed by this Artistic License. By using, modifying or distributing the Package, you accept this license. Do not use, modify, or distribute the Package, if you do not accept this license.
If your Modified Version has been derived from a Modified Version made by someone other than you, you are nevertheless required to ensure that your Modified Version complies with the requirements of this license.
This license does not grant you the right to use any trademark, service mark, tradename, or logo of the Copyright Holder.
This license includes the non-exclusive, worldwide, free-of-charge patent license to make, have made, use, offer to sell, sell, import and otherwise transfer the Package with respect to any patent claims licensable by the Copyright Holder that are necessarily infringed by the Package. If you institute patent litigation (including a cross-claim or counterclaim) against any party alleging that the Package constitutes direct or contributory patent infringement, then this Artistic License to you shall terminate on the date that such litigation is filed.
Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY YOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR CONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
To install GoogleIDToken::Validator, copy and paste the appropriate command in to your terminal.
cpanm
cpanm GoogleIDToken::Validator
CPAN shell
perl -MCPAN -e shell install GoogleIDToken::Validator
For more information on module installation, please visit the detailed CPAN module installation guide.