4 use Koha
::OAuthAccessTokens
;
5 use Koha
::OAuthAccessToken
;
9 verify_client_cb
=> \
&_verify_client_cb
,
10 store_access_token_cb
=> \
&_store_access_token_cb
,
11 verify_access_token_cb
=> \
&_verify_access_token_cb
15 sub _verify_client_cb
{
18 my ($client_id, $client_secret)
19 = @args{ qw
/ client_id client_secret / };
21 return (0, 'unauthorized_client') unless $client_id;
23 my $clients = C4
::Context
->config('api_client');
24 $clients = [ $clients ] unless ref $clients eq 'ARRAY';
25 my ($client) = grep { $_->{client_id
} eq $client_id } @
$clients;
26 return (0, 'unauthorized_client') unless $client;
28 return (0, 'access_denied') unless $client_secret eq $client->{client_secret
};
30 return (1, undef, []);
33 sub _store_access_token_cb
{
36 my ( $client_id, $access_token, $expires_in )
37 = @args{ qw
/ client_id access_token expires_in / };
39 my $at = Koha
::OAuthAccessToken
->new({
40 access_token
=> $access_token,
41 expires
=> time + $expires_in,
42 client_id
=> $client_id,
49 sub _verify_access_token_cb
{
52 my $access_token = $args{access_token
};
54 my $at = Koha
::OAuthAccessTokens
->find($access_token);
56 if ( $at->expires <= time ) {
57 # need to revoke the access token
60 return (0, 'invalid_grant')
63 return $at->unblessed;
66 return (0, 'invalid_grant')