AnyEvent::Yubico(3) AnyEvent based Perl extension for validating YubiKey OTPs.

SYNOPSIS


  use AnyEvent::Yubico;

  $yk = AnyEvent::Yubico->new({ client_id => 4711, api_key => '<your API key here>' });
  $result = $yk->verify('<YubiKey OTP here>');
  if($result) ...

For more details about the response, instead call verify_sync($otp), which returns a hash containing all the parameters that were in the response.

  $result_details = $yk->verify_sync('<YubiKey OTP here>');
  # String comparison: with numeric == any non-numeric status would compare equal to 'OK'.
  if($result_details->{status} eq 'OK') ...

As an alternative, you can call verify_async, which returns a condition variable immediately. This is useful if your application already uses an asynchronous model. You can also pass a callback as the second parameter to verify as well as verify_async; it is invoked with the result once validation has completed.

  $result_cv = $yk->verify_async('<YubiKey OTP here>', sub {
      #Callback invoked when verification is done
      $result_details = shift;
      if($result_details->{status} eq 'OK') ...
  });
  
  #Wait for the result (blocking, same as calling verify directly).
  $result_details = $result_cv->recv;

DESCRIPTION

Validates a YubiKey OTP (One Time Password) using the YKVAL 2.0 protocol as defined here: https://github.com/Yubico/yubikey-val/wiki/ValidationProtocolV20

To use this module, an API key is required, which can be requested here: https://upgrade.yubico.com/getapikey/

When creating the AnyEvent::Yubico instance, the following arguments can be passed:

client_id => $id_int
Required. The client ID corresponding to the API key.
api_key => $api_key_string
Optional. The API key used to sign requests and verify responses. Without it, response signatures are not verified.
urls => $array_of_urls
Optional. Defines which validation server URLs to query. The default uses the public YubiCloud validation servers. Must support version 2.0 of the validation protocol.

Example:

  $yk = AnyEvent::Yubico->new({
      client_id => ...,
      api_key => ...,
      urls => [
          "http://example.com/wsapi/2.0/verify",
          "http://127.0.0.1/wsapi/2.0/verify"
      ]
  });

sign_requests => $enable
Optional. When enabled (enabled by default) requests will be signed, as long as api_key is also provided.
timeout => $seconds
Optional. Timeout parameter sent to the server, see the protocol details for more information.
sl => $level
Optional. Security level parameter sent to the server, see the protocol details for more information.
timestamp => $enable
Optional. When enabled, sends the timestamp parameter to the server, causing YubiKey counter and timestamp information to be returned in the response.
local_timeout => $seconds
Optional. Sets the local timeout for how long the verify method will wait until failing. The default is 30 seconds.
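
The api_key option above controls whether response signatures are verified. The following added example (not code from this module or its author) shows what that check involves under the YKVAL 2.0 signature rule from the protocol page linked above, together with the OTP and nonce echo checks. The function names are hypothetical, and the API key, OTP, nonce and response are constructed sample values.

```perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha1);
use MIME::Base64 qw(encode_base64 decode_base64);

# YKVAL 2.0 signature: key=value pairs sorted by key and joined with '&',
# HMAC-SHA1 under the base64-decoded API key, result base64-encoded.
sub ykval_signature {
    my ($params, $api_key_b64) = @_;
    my @keys = grep { $_ ne 'h' } keys %$params;   # 'h' is the signature itself
    my $line = join '&', map { $_ . '=' . $params->{$_} } sort @keys;
    return encode_base64(hmac_sha1($line, decode_base64($api_key_b64)), '');
}

# Comparison whose running time does not depend on where the strings differ.
sub equal_strings {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Returns the server's status, or the reason the response must be rejected.
sub check_response {
    my ($resp, $api_key_b64, $otp, $nonce) = @_;
    return 'missing signature' unless defined $resp->{h};
    return 'bad signature'
        unless equal_strings($resp->{h}, ykval_signature($resp, $api_key_b64));
    return 'otp mismatch'   unless ($resp->{otp}   // '') eq $otp;
    return 'nonce mismatch' unless ($resp->{nonce} // '') eq $nonce;
    return $resp->{status} // 'missing status';
}

# Constructed sample values: not a real API key, OTP or server response.
my $key   = encode_base64('constructed-sample-key', '');
my $otp   = 'cccccccccccb' . ('c' x 32);
my $nonce = 'a1b2c3d4e5f60718293a4b5c6d7e8f90';
my %resp  = (otp => $otp, nonce => $nonce, status => 'OK',
             t => '2013-01-01T00:00:00Z0123');
$resp{h} = ykval_signature(\%resp, $key);      # as a server holding the key would sign

print check_response(\%resp, $key, $otp, $nonce), "\n";   # correctly signed response
$resp{status} = 'REPLAYED_OTP';
$resp{h} = ykval_signature(\%resp, $key);
print check_response(\%resp, $key, $otp, $nonce), "\n";   # correctly signed rejection
$resp{status} = 'OK';                                     # status changed, signature stale
print check_response(\%resp, $key, $otp, $nonce), "\n";
```

Without an api_key, the last case cannot be told apart from the first, which matters most when the urls option points at plain http endpoints.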

AUTHOR

Dain Nilsson

COPYRIGHT AND LICENSE

Copyright (C) 2013 Yubico AB All rights reserved.

Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:

    * Redistributions of source code must retain the above copyright
      notice, this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above
      copyright notice, this list of conditions and the following
      disclaimer in the documentation and/or other materials provided
      with the distribution.

THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.