Jakob Voß > Plack-Middleware-Auth-AccessToken-0.1 > Plack::Middleware::Auth::AccessToken

Download:
Plack-Middleware-Auth-AccessToken-0.1.tar.gz

Dependencies

Annotate this POD

Website

View/Report Bugs
Module Version: 0.1   Source   Latest Release: Plack-Middleware-Auth-AccessToken-0.11

NAME ^

Plack::Middleware::Auth::AccessToken - Secret access token authentification

VERSION ^

version 0.1

SYNOPSIS ^

    use Plack::Middleware::Auth::AccessToken;
    use Plack::Builder;

    my $app = sub { ... };

    builder {
        enable "Auth::AccessToken",
            authenticator => \&check_token;
        $app;
    };

    sub check_token {
        my $token = shift;
        return $token eq 'a02655d46dd0f2160529acaccd4dbf979c6e6e50'; 
    }

DESCRIPTION ^

Plack::Middleware::Auth::AccessToken is authentification handler for Plack that uses a secret access token. Access tokens are also known as OAuth Bearer tokens. Tokens can be provided as query parameters or in a HTTP request header:

    https://example.org/api?access_token=ACCESS_TOKEN

    Authorization: bearer ACCESS_TOKEN

The latter is recommended because query parameters may show up on log files.

This middleware checks the access token via a callback function and returns an error document with HTTP code 401 on failure.

CONFIGURATION ^

authenticator

A required callback function that takes an access token and returns whether the token is valid.

token_type

Used to compare the authorization header. For instance the value 'token' will make the middleware look for a header such as:

    Authorization: token ACCESS_TOKEN

The token type is case-insensitive and set to 'bearer' by default.

reject_http

An optional callback function that takes an access token that has been sent unencryptedly over HTTP. If this parameter has been set, a HTTP request is rejected without first consulting the authentificator. The callback function can be used to mark the access token as invalid.

SEE ALSO ^

See Plack::Middleware::Auth::OAuth2::ProtectedResource and Plack::Middleware::OAuth for modules that take more care to implement OAuth.

AUTHOR ^

Jakob Voß <voss@gbv.de>

COPYRIGHT AND LICENSE ^

This software is copyright (c) 2012 by Jakob Voß.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

syntax highlighting: