Help language development. Donate to The Perl Foundation

Auth::SCRAM::Async cpan:LEONT last updated on 2022-02-10

Auth-SCRAM-Async-0.0.1/

Actions Status

NAME

Auth::SCRAM::Async - Salted Challenge Response Authentication Mechanism

SYNOPSIS

use Auth::SCRAM::Async;

my $client = Auth::SCRAM::Async::Client.new(:$username, :$password, :type(Auth::SCRAM::Async::SHA256));
my $client-first = $client.first-message;
send-message($client-first);

my $server-first = read-response();
with $client.final-message($server-first) -> $client-final {
    send-message($client-final);

    my $server-final = read-response();
    say "success" if $client.validate($server-final);
}

Description

This implements the Salted Challenge Response Authentication Mechanism.

Client

A client can be found as Auth::SCRAM::Async::Client. It has the following methods:

new

This creates a new Auth::SCRAM::Async::Client object. Every handshake should use a fresh object.

* Str :$username

  Authentication identity. This will be normalized with the SASLprep algorithm before being transmitted to the server. This argument is mandatory.

* Str :$password

  Authentication password. This will be normalized with the SASLprep algorithm before being transmitted to the server. This argument is mandatory.

* Str :$authorization-id

  If the authentication identity (username) will act as a different, authorization identity, this attribute provides the authorization identity. It is optional. If not provided, the authentication identity is considered by the server to be the same as the authorization identity.

* Auth::SCRAM::Async::Digest :$digest

  Identifier of a digest function. Valid values are `Auth::SCRAM::Async::SHA1`, `Auth::SCRAM::Async::SHA256`, `Auth::SCRAM::Async::SHA384`, or `Auth::SCRAM::Async::SHA512`. This argument is mandatory.

* Int :$minimum_iteration_count

  If the server requests an iteration count less than this value, the client will reject it. This protects against downgrade attacks. The default is 4096, consistent with recommendations in the RFC.

* Int :$nonce-bits

  Size of the client-generated nonce, in bits. Defaults to `192`. The server-nonce will be appended, so the final nonce size will be substantially larger.

first-message(--> Str)

This will return the opening message of a SCRAM handshake

final-message(Str $server-first --> Str)

This will process the first response from the server, and will generate the second message from the client.

validate(Str $server-final --> Bool)

This will validate the final response from the server, validating that they too know the shared secret.

Todo

See also

Author

Leon Timmermans [email protected]

Copyright and License

Copyright 2022 Leon Timmermans

This library is free software; you can redistribute it and/or modify it under the Artistic License 2.0.