NAME
Catalyst::Plugin::OpenIDConnect::Utils::Store - In-process memory store for OIDC state
DESCRIPTION
Provides in-process memory storage for authorization codes and OIDC session state. Suitable for development and single-process deployments.
Not suitable for multi-process servers, such as FastCGI or pre-forking deployments, because each worker process has its own independent copy of the data. For those deployments, use Catalyst::Plugin::OpenIDConnect::Utils::Store::Redis or another shared-backend store that consumes Catalyst::Plugin::OpenIDConnect::Role::Store.
ATTRIBUTES
codes
Storage for authorization codes (code => {client_id, user, scope, ...})
sessions
Storage for user sessions (session_id => {user, tokens, ...})
logger
Optional logger instance for debug/info logging.
METHODS
create_authorization_code($client_id, $user, $scope, $redirect_uri, $nonce, $pkce)
Creates an authorization code for the given parameters. $pkce is an optional hashref with keys code_challenge and code_challenge_method; omit or pass undef for non-PKCE flows.
Returns the authorization code string.
get_authorization_code($code)
Retrieves an authorization code by value.
Returns the code data hashref or undef if not found.
consume_authorization_code($code)
Atomically deletes the authorization code and returns its data. Uses Perl's delete, which fetches and removes the hash entry in a single operation, making it race-free within a single process.
Returns the code data hashref on success, or undef if the code does not exist or has expired.
store_refresh_token($jti, $sub, $client_id, $ttl)
Stores a refresh token JTI with the associated subject, client, and a TTL in seconds. Called at token-issuance time so that the token endpoint can later enforce single-use semantics via "consume_refresh_token".
consume_refresh_token($jti)
Atomically removes the JTI from the store and returns the associated data hashref, or undef if absent or expired (already used / revoked / TTL elapsed).
revoke_refresh_tokens_for_user($sub)
Removes all refresh token JTIs for the given subject identifier from the store. Called at logout time to prevent re-use of stolen tokens.
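The single-use and revocation semantics described for the refresh-token methods above, as an added sketch that is not this module's own code. The hash %refresh, the helper names store_token, consume_token and revoke_for_user, the expires_at field and all sample values are assumptions made for illustration.

```perl
use strict;
use warnings;

# Hypothetical stand-in for the store's refresh-token hash (not the module's code).
my %refresh;    # jti => { sub, client_id, expires_at }

sub store_token {
    my ($jti, $sub, $client_id, $ttl) = @_;
    $refresh{$jti} = {
        sub        => $sub,
        client_id  => $client_id,
        expires_at => time() + $ttl,
    };
    return;
}

sub consume_token {
    my ($jti) = @_;
    # delete returns the removed value, so lookup and removal are one step:
    # a second presentation of the same JTI finds nothing.
    my $entry = delete $refresh{$jti} or return undef;
    # An expired entry is still removed, but is reported as absent.
    return $entry->{expires_at} > time() ? $entry : undef;
}

sub revoke_for_user {
    my ($sub) = @_;
    my @jtis = grep { $refresh{$_}{sub} eq $sub } keys %refresh;
    delete @refresh{@jtis};    # hash-slice delete removes them all
    return scalar @jtis;       # number of JTIs revoked
}

sub verdict { return defined $_[0] ? "accepted" : "rejected" }

# Constructed sample data.
store_token('jti-1', 'alice', 'client-a', 600);
store_token('jti-2', 'alice', 'client-a', 600);
store_token('jti-3', 'bob',   'client-a', 600);
store_token('jti-4', 'bob',   'client-a', -1);    # TTL already elapsed

print "first use:    ", verdict(consume_token('jti-1')), "\n";
print "replay:       ", verdict(consume_token('jti-1')), "\n";
print "expired:      ", verdict(consume_token('jti-4')), "\n";
print "revoked for alice: ", revoke_for_user('alice'), "\n";
print "after logout: ", verdict(consume_token('jti-2')), "\n";
print "other user:   ", verdict(consume_token('jti-3')), "\n";
```

The replay check holds only because every call sees the same hash; under a pre-forking server each worker would hold its own %refresh, which is the limitation the DESCRIPTION calls out.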
AUTHOR
Tim F. Rayner
LICENSE
This library is free software; you can redistribute it and/or modify it under the terms of The Artistic License 2.0.