Apache::AuthTypeKey - Apache authorization handler using TypeKey
## In httpd.conf or .htaccess: PerlModule Apache::AuthTypeKey PerlSetVar TypeKeyPath / PerlSetVar TypeKeyLoginScript /login.pl ## These documents require user to be logged in. <Location /protected> AuthType Apache::AuthTypeKey AuthName TypeKey PerlAuthenHandler Apache::AuthTypeKey->authenticate require valid-user PerlSetVar TypeKeyToken your_token </Location> ## This is the _return URL that the login.pl script should point to. <Location /login-protected> AuthType Apache::AuthTypeKey AuthName TypeKey SetHandler perl-script PerlHandler Apache::AuthTypeKey->login PerlSetVar TypeKeyToken your_token </Location>
Apache::AuthTypeKey implements Apache authentication and authorization handling using the TypeKey authentication service (http://typekey.com/). TypeKey is Six Apart's free, open service providing a central login for people to comment on weblogs, get access to protected information, etc.
To use Apache::AuthTypeKey, you'll need a TypeKey token that identifies your site. So you'll need to sign up for a TypeKey account at https://www.typekey.com/t/typekey/register, then fill out the Preferences form to include the URI of your application. Specifically, this URI should be the URI for the /login-protected area above, because that's the URI that TypeKey will return to after a user logs in.
Apache::AuthTypeKey is a subclass of Apache::AuthCookie, so it inherits all of that module's cookie-handling and authorization code. It also inherits all of that module's configuration settings and options.
Authentication is handled for you through TypeKey, and cookie handling is handled by Apache::AuthCookie. The value of the cookie will be the string returned from TypeKey, including the username, email address, name, and a DSA signature on those values, preventing users from forging the cookie.
The actual login form is on http://www.typekey.com/; the login screen that you'll be providing should be just a simple page linking people to that login screen, along with your TypeKey token and return URI. An example login screen is in eg/login.pl, but you'll probably wish to customize the HTML, as it's fairly plain.
The login script functionality is inherited from Apache::AuthCookie, so it's implemented as a script that you must configure in your httpd.conf or .htaccess. For example:
PerlSetVar TypeKeyLoginScript /login.pl
If you'd rather use a different mechanism for your login screen, you can subclass Apache::AuthTypeKey and override the login_form method. See the Apache::AuthCookie documentation for more details.
Apache::AuthTypeKey--coupled with TypeKey--will handle all of the authentication for you, telling you whether someone is a valid TypeKey user. For authorization, you have a couple of options:
If you'd like to allow any valid TypeKey user, just use
as in the SYNOPSIS above.
If you'd like to allow only certain TypeKey users, you can specify their TypeKey usernames in standard require statements. For example:
require user foo require user bar
This will allow only the TypeKey users
If you'd like to do something more complex, like look up valid TypeKey usernames in a database listing authorized users, you can subclass Apache::AuthTypeKey and override the authorize method. Note that Apache::AuthTypeKey doesn't actually provide its own authorize method anyway--it merely inherits Apache::AuthCookie->authorize.
Apache::AuthTypeKey is free software; you may redistribute it and/or modify it under the same terms as Perl itself.
Except where otherwise noted, Apache::AuthTypeKey is Copyright 2004 Six Apart Ltd, email@example.com. All rights reserved.