Dmitry Mukhin > GoogleIDToken-Validator-0.02 > GoogleIDToken::Validator

Download:
GoogleIDToken-Validator-0.02.tar.gz

Dependencies

Annotate this POD

View/Report Bugs
Module Version: 0.02   Source  

NAME ^

GoogleIDToken::Validator - allows you to verify on server side Google Access Token received by mobile application

VERSION ^

Version 0.02

SYNOPSIS ^

Perl implamentation of Google Access Token verification. Details can be found on android developers blog: http://android-developers.blogspot.com/2013/01/verifying-back-end-calls-from-android.html

This module ONLY: =item * Verifies that this token signed by google certificates. =item * Verifies that this token was received by mobile application with given Client IDs and for given web application Client ID.

Nothing more. Nothing connected with authorization on any of Google APIs etc etc

    use GoogleIDToken::Validator;

    my $validator = GoogleIDToken::Validator->new(
        #do_not_cache_certs => 1,                                       # will download google certificates from web every call of verify
        #google_certs_url       => 'https://some.domain.com/certs',     # in case they change URL in the future... default is: https://www.googleapis.com/oauth2/v1/certs
        certs_cache_file        => '/tmp/google.crt',                   # will cache certs in this file for faster verify if you are using CGI
        web_client_id   => '111222333444.apps.googleusercontent.com',   # Your Client ID for web applications received in Google APIs console
        app_client_ids  => [                                                            # Array of your Client ID for installed applications received in Google APIs console
            '777777777777-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com', # for exm. your production keystore ID
            '888888888888-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com'  # and your eclipse debug keystore ID
        ]
    );

    # web_client_id and at least one of app_client_ids are required

    # get the token from your mobile app somehow...
    my $token =  'eyJhbG..............very.long.base64.encoded.access.token............';

    my $payload = $validator->verify($token);
    if($payload) {
        # token is OK, lets see what we have got
        use Data::Dumper;
        print "payload: ".Dumper($payload);
    }

AUTHOR ^

Dmitry Mukhin, <admin at dimanoid.ru>

BUGS ^

Please report any bugs or feature requests to bug-googleidtoken-validator at rt.cpan.org, or through the web interface at http://rt.cpan.org/NoAuth/ReportBug.html?Queue=GoogleIDToken-Validator. I will be notified, and then you'll automatically be notified of progress on your bug as I make changes.

SUPPORT ^

You can find documentation for this module with the perldoc command.

    perldoc GoogleIDToken::Validator

You can also look for information at:

ACKNOWLEDGEMENTS ^

LICENSE AND COPYRIGHT ^

Copyright 2013 Dmitry Mukhin.

This program is free software; you can redistribute it and/or modify it under the terms of the the Artistic License (2.0). You may obtain a copy of the full license at:

http://www.perlfoundation.org/artistic_license_2_0

Any use, modification, and distribution of the Standard or Modified Versions is governed by this Artistic License. By using, modifying or distributing the Package, you accept this license. Do not use, modify, or distribute the Package, if you do not accept this license.

If your Modified Version has been derived from a Modified Version made by someone other than you, you are nevertheless required to ensure that your Modified Version complies with the requirements of this license.

This license does not grant you the right to use any trademark, service mark, tradename, or logo of the Copyright Holder.

This license includes the non-exclusive, worldwide, free-of-charge patent license to make, have made, use, offer to sell, sell, import and otherwise transfer the Package with respect to any patent claims licensable by the Copyright Holder that are necessarily infringed by the Package. If you institute patent litigation (including a cross-claim or counterclaim) against any party alleging that the Package constitutes direct or contributory patent infringement, then this Artistic License to you shall terminate on the date that such litigation is filed.

Disclaimer of Warranty: THE PACKAGE IS PROVIDED BY THE COPYRIGHT HOLDER AND CONTRIBUTORS "AS IS' AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES. THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT ARE DISCLAIMED TO THE EXTENT PERMITTED BY YOUR LOCAL LAW. UNLESS REQUIRED BY LAW, NO COPYRIGHT HOLDER OR CONTRIBUTOR WILL BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING IN ANY WAY OUT OF THE USE OF THE PACKAGE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

syntax highlighting: