NAME

Plack::Middleware::Auth::Bitcard - Bitcard authentication for Plack, which I suppose is what you might have guessed from the name

SYNOPSIS

use strict;
use warnings;

use Authen::Bitcard;
use Plack::Builder;

my $app = sub {
   my $env = shift;
   my $username = $env->{BITCARD}{username};
   ...;
};

my $bc = "Authen::Bitcard"->new;
$bc->token("12345678");
$bc->api_secret("1234567890ABCDEF");

builder {
   enable "Auth::Bitcard", bitcard => $bc;
   $app;
};

DESCRIPTION

This module provides Plack middleware for Bitcard authentication.

What is Bitcard? It's a trusted third-party authentication system. Like OpenID but centralised, somewhat outdated, and pretty obscure.

So why use it? You probably shouldn't. An exception would be if you need login functionality for a website that is aimed at Perl developers. This is because Bitcard is already used as login for rt.cpan.org and cpanratings.perl.org, so many Perl developers already have a login set up.

Simple usage

The example in the SYNOPSIS section shows how easy it is to add Bitcard authentication to an existing PSGI app.

You'll need a Bitcard token and API secret for your website - to get these, sign into http://www.bitcard.org/, go to your account settings, click on "My Sites", then add a new site. You will need to tell it your site's name, and a URL. This URL should be the "base" URL for your PSGI app with /_bitcard_boomerang added to the end. For example, if you are serving http://bugs.example.com/ using Plack, then the URL you want is http://bugs.example.com/_bitcard_boomerang. Once you've entered that information, the bitcard.org site will issue you with a token and API secret.

With this simple setup, all requests to your site will be protected by Bitcard authentication. When somebody first hits your site, they'll be instantly redirected to bitcard.org to login.

Once they've logged in, their Bitcard details, including their username will be in $env->{BITCARD}.

No login necessary

You may want to specify that certain parts of your site do not require a login; or perhaps visitors from certain IP addresses do not need to login; or whatever.

This module accepts a coderef which can check these sorts of criteria:

builder {
   enable "Auth::Bitcard",
      bitcard => $bc,
      skip_if => sub { my $env = shift; ... };
   $app;
};

If the coderef returns true, then Bitcard authentication will be skipped for the given request.

Showing different views of the site

Perhaps you don't always need people to login to your site. Maybe you are happy for them to browse a public version of your site, and they only need to login if they want to access the super-awesome features.

In this case, you can provide an on_unauth action:

builder {
   enable "Auth::Bitcard",
      bitcard   => $bc,
      on_unauth => sub { my $env = shift; ... };
   $app;
};

on_unauth is a PSGI app in its own right, and is expected to return a PSGI-style arrayref.

You can obtain login/logout URLs using the following:

my $login_url    = $env->{BITCARD_URL}->(login_url => $env);
my $logout_url   = $env->{BITCARD_URL}->(logout_url => $env);

There are also URLs for the user's account settings page, and to register for a new bitcard account.

my $account_url  = $env->{BITCARD_URL}->(account_url => $env);
my $register_url = $env->{BITCARD_URL}->(register_url => $env);

When logged in people return to your site, they will arrive back at your site's base URL. If you wish to send them elsewhere, set a cookie containing the full URL you wish them to return to:

my $res = "Plack::Response"->new;
$res->cookies->{bitcard_return_to} = "http://example.com/goodbye";
$res->redirect($env->{BITCARD_URL}->(logout_url => $env));
return $res->finalize;

BUGS

Please report any bugs to http://rt.cpan.org/Dist/Display.html?Queue=Plack-Middleware-Auth-Bitcard.

SEE ALSO

Authen::Bitcard.

AUTHOR

Toby Inkster <tobyink@cpan.org>.

COPYRIGHT AND LICENCE

This software is copyright (c) 2013 by Toby Inkster.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.

DISCLAIMER OF WARRANTIES

THIS PACKAGE IS PROVIDED "AS IS" AND WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTIBILITY AND FITNESS FOR A PARTICULAR PURPOSE.