NAME
Dancer2::Plugin::JWT - JSON Web Token made simple for Dancer2
SYNOPSIS
    use Dancer2;
    use Dancer2::Plugin::JWT;

    post '/login' => sub {
        # is_valid() stands for your own credential check
        if (is_valid(param("username"), param("password"))) {
            # store the payload in the token
            jwt { username => param("username") };
            template 'index';
        }
        else {
            redirect '/';
        }
    };

    get '/private' => sub {
        # retrieve the payload of the token sent with the request
        my $data = jwt;
        redirect '/' unless exists $data->{username};
        ...
    };

    hook 'plugin.jwt.jwt_exception' => sub {
        my $error = shift;
        # do something
    };
DESCRIPTION
Registers the jwt keyword, which can be used to set or retrieve the payload of a JSON Web Token.
For this to work, a secret must be defined in your config.yml file:
    plugins:
      JWT:
        secret: 'string or path to private RSA\EC key'
        # default, or others supported by Crypt::JWT
        alg: HS256
        # required only for JWE
        enc:
        # add issued at field
        need_iat: 1
        # check not before field
        need_nbf: 1
        # in seconds
        need_exp: 600
        # timeshift for expiration
        need_leeway: 30
        # JWT cookie domain, in case you need to override it
        cookie_domain: my_domain.com
        # Attach Authorization header to HTTP response
        set_authorization: 0
        # Attach Set-Cookie header to HTTP response
        set_cookie: 0
        # Attach Location header to HTTP response when response is 300-399
        # e.g. redirect
        set_location: 0
NOTE: An empty call (without arguments) to jwt will trigger the exception hook if there is no jwt defined.
NOTE: If you are using JWT to authenticate an API call to return, e.g. JSON, not a web page to display, be sure to set the config items set_authorization_header, set_cookie_header and set_location_header so you don't return any unnecessary headers.
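The following is an added example, not taken from the module's documentation or source, that calls Crypt::JWT directly to show the checks that alg, need_exp and need_leeway stand for. It assumes the plugin hands these settings to Crypt::JWT's algorithm, exp and leeway checks; the secret, the issue and check helpers and the test cases are constructed for illustration.

```perl
use strict;
use warnings;
use Crypt::JWT qw(encode_jwt decode_jwt);

# Constructed values standing in for the config.yml entries above.
my %cfg = (secret => 'constructed-demo-secret', alg => 'HS256',
           need_exp => 600, need_leeway => 30);

# Sign a payload whose exp claim lies $lifetime seconds from now
# (a negative lifetime produces a token that has already expired).
sub issue {
    my ($user, $lifetime, $alg) = @_;
    return encode_jwt(
        payload  => { username => $user, exp => time + $lifetime },
        key      => $cfg{secret},
        alg      => $alg // $cfg{alg},
        auto_iat => 1,
    );
}

# Return (payload, undef) when the token passes every check, (undef, error) otherwise.
sub check {
    my ($token) = @_;
    my $data = eval {
        decode_jwt(
            token        => $token,
            key          => $cfg{secret},
            accepted_alg => $cfg{alg},          # reject any other algorithm
            verify_exp   => 1,                  # exp must be present and still valid
            leeway       => $cfg{need_leeway},  # tolerated clock skew, in seconds
        );
    };
    return ($data, undef) if $data;
    chomp(my $err = $@ || 'decode failed');
    return (undef, $err);
}

# Payload of one token spliced between the header and signature of another.
my @alice = split /\./, issue('alice', $cfg{need_exp});
my @admin = split /\./, issue('admin', $cfg{need_exp});
my @cases = (
    [ 'fresh token'            => issue('alice', $cfg{need_exp}) ],
    [ 'expired, inside leeway' => issue('alice', -10) ],
    [ 'expired, past leeway'   => issue('alice', -120) ],
    [ 'signed with HS512'      => issue('alice', $cfg{need_exp}, 'HS512') ],
    [ 'spliced payload'        => join('.', $alice[0], $admin[1], $alice[2]) ],
);
for my $case (@cases) {
    my ($payload, $err) = check($case->[1]);
    printf "%-24s %s\n", $case->[0], $payload ? "accepted ($payload->{username})" : "rejected: $err";
}
```

Only the first two cases are accepted: the leeway extends the validity window by 30 seconds, while a different algorithm or a payload that does not match the signature makes decode_jwt die, which is the kind of failure the plugin.jwt.jwt_exception hook is there to handle.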
BUGS
I am sure a lot. Please use GitHub issue tracker here.
ACKNOWLEDGEMENTS
To Lee Johnson for his talk "JWT JWT JWT" in YAPC::EU::2015.
To Nuno Carvalho for brainstorming and help with testing.
To user2014, thanks for making the module use Crypt::JWT.
COPYRIGHT AND LICENSE
Copyright 2015-2018 Alberto Simões, all rights reserved.
This module is free software and is published under the same terms as Perl itself.
AUTHOR
Alberto Simões <ambs@cpan.org>