Jakob Voß > Plack-Middleware-Auth-AccessToken > Plack::Middleware::Auth::AccessToken

Download:
Plack-Middleware-Auth-AccessToken-0.11.tar.gz

Dependencies

Annotate this POD

View/Report Bugs
Module Version: 0.11   Source  

NAME ^

Plack::Middleware::Auth::AccessToken - Secret access token (aka OAuth Bearer) authentification

VERSION ^

version 0.11

SYNOPSIS ^

    use Plack::Middleware::Auth::AccessToken;
    use Plack::Builder;

    my $app = sub { ... };

    builder {
        enable "Auth::AccessToken",
            authenticator => \&check_token;
        $app;
    };

    sub check_token {
        my $token = shift;
        return $token eq 'a02655d46dd0f2160529acaccd4dbf979c6e6e50'; 
    }

DESCRIPTION ^

Plack::Middleware::Auth::AccessToken is authentification handler for Plack that uses a secret access token. Access tokens are also known as OAuth Bearer tokens. Tokens can be provided both in a HTTP request header or as query parameter:

    https://example.org/api
    Authorization: bearer ACCESS_TOKEN

    https://example.org/api?access_token=ACCESS_TOKEN

The former is recommended because query parameters may show up on log files.

This middleware checks the access token via a callback function and returns an error document with HTTP code 401 on failure.

CONFIGURATION ^

authenticator

A required callback function that takes an access token and returns whether the token is valid. The PSGI environment is passed as second argument, but making use of it should be bad practice.

token_type

Used to compare the authorization header. For instance the value 'token' will make the middleware look for a header such as:

    Authorization: token ACCESS_TOKEN

The token type is case-insensitive and set to 'bearer' by default.

reject_http

An optional callback function that takes an access token that has been sent unencryptedly over HTTP. If this parameter has been set, a HTTP request is rejected without first consulting the authentificator. The callback function can be used to mark the access token as invalid.

SEE ALSO ^

See Plack::Middleware::Auth::OAuth2::ProtectedResource and Plack::Middleware::OAuth for modules that take more care to implement OAuth.

AUTHOR ^

Jakob Voß <voss@gbv.de>

COPYRIGHT AND LICENSE ^

This software is copyright (c) 2013 by Jakob Voß.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

syntax highlighting: