Catalyst::Plugin::OIDC

This plugin makes it easy to integrate the OpenID Connect protocol into a Catalyst application.

It essentially uses the OIDC-Client distribution.

Features

creates the endpoint used by the provider to redirect the user back to your application
retrieves the provider metadata and JWK keys when the application is launched
redirects the browser to the authorize URL to initiate an authorization code flow
gets the token(s) from the provider
the tokens are stored for later use or for future requests
refreshes access token if needed
verifies a JWT token with support for automatic JWK key rotation
introspects the access token
gets the user information from the userinfo endpoint
exchanges the access token
redirects the browser to the logout URL

Documentation

Security Recommendation

When using Catalyst::Plugin::OIDC, it is highly recommended to configure the framework to store session data, including sensitive tokens such as access and refresh tokens, on the backend rather than in client-side cookies. Although cookies can be signed and encrypted, storing tokens in the client exposes them to potential security threats.

Limitations

no support for tls_client_auth client authentication method
no support for Implicit or Hybrid flows (applicable to front-end applications only and deprecated)

	Global
`s`	Focus search bar
`?`	Bring up this help dialog

	GitHub
`g` `p`	Go to pull requests
`g` `i`	go to github issues (only if github is preferred repository)

	POD
`g` `a`	Go to author
`g` `c`	Go to changes
`g` `i`	Go to issues
`g` `d`	Go to dist
`g` `r`	Go to repository/SCM
`g` `s`	Go to source
`g` `b`	Go to file browse

	Search terms
module: (e.g. module:Plugin)
distribution: (e.g. distribution:Dancer auth)
author: (e.g. author:SONGMU Redis)
version: (e.g. version:1.00)