How to authenticate with oauth in perl (Dancer, GitHub, LWP::UserAgent)

, perl, web-dev

I’ve been playing with perl a lot lately and after recently playing with Catalyst, I moved on to Dancer.

Dancer has a nice tutorial with a simple dummy blog application. The app is on GitHub here. It describes quite a few aspects about Dancer, including sessions, routes, storage and displaying pages.

It’s a neat little example in that it’s hardly a few files.

Naturally I wanted to get my hands dirty and wanted to try and implement OAuth authentication with github. I don’t mean by pulling a nice CPAN module (there isn’t one) but writing the whole OAuth flow myself. Fortunately I found this to be a simple task.

I managed to change the authentication in the sample dancer app to login with github. I added this in a forked project.

So I’m going to describe the following:

  • Use LWP::UserAgent to make requests to github
  • Use JSON::Parse to gather the response from GitHub
  • Set a session object to the username and avatar img url and use this on the masterpage (

So you can see the forked project files. I just changed and I also removed since there is no need for that. You have to add your application with github and then you’ll get a client id and client secret.

Step 1 :

To login you have to redirect to with the following params : YOUR CLIENT ID, redirect url, scope (these are permissions you want) and finally state which is used to prevent cross-site request forgery attacks

I added two variables on the top and the login route changes to just redirect the user to githubs login page. If the user allows your app, then github will send a special code to your app by calling your callback url.

Step 2 :

Goto your Github > Account Settings -> Applications -> Your App -> Callback Url. Note you can set this to localhost byt specifying it like this<SOMEPORT>. I setup this url to /auth/github/callback. So in my I added this route, hopefully the comments should be a good explanation:

This route sub uses a helper method that looks like the following, it parses the query string into a hash.

Step 3 :

The above step adds a few session variables if all goes well, so I then use these in the page like this:

And that’s about it. If all goes well your homepage should look like this:

Dancr screenie

Any comments, feedback and insults about this article are very welcome! :)

Share on Twitter, Facebook, Google+
Prev Next