NAME
Plack::Middleware::Auth::JWT - Token-based Auth (aka Bearer Token) using JSON Web Tokens (JWT)
VERSION
version 0.900
SYNOPSIS
    # use Crypt::JWT to decode the JWT
    use Plack::Builder;
    builder {
        enable "Plack::Middleware::Auth::JWT",
            decode_args => { key => '12345' },
        ;
        $app;
    };

    # or provide your own decoder in a callback
    use Plack::Builder;
    builder {
        enable "Plack::Middleware::Auth::JWT",
            decode_callback => sub {
                my $token = shift;
                ....
            },
        ;
        $app;
    };

    # curl -H 'Authorization: Bearer eyJhbG...'
    # if the JWT is valid, two keys will be added to $env->{psgix}
    # $env->{'psgix.token'}  = 'original_token'
    # $env->{'psgix.claims'} = { sub => 'bart' }   # claims as hashref
DESCRIPTION
Plack::Middleware::Auth::JWT helps you use JSON Web Tokens (JWT) to authenticate HTTP requests. Tokens can be provided in the Authorization HTTP header or as a query parameter (though passing the JWT via the header is the preferred method).
Configuration
TODO
decode_args
See decode_jwt in Crypt::JWT.
Please note that key might have to be passed as a string-ref or an object, see Crypt::JWT.
It is very much recommended that you only allow the algorithms you are actually using by setting accepted_alg! Per default, 'none' is not allowed.
Hardcoded:
    decode_payload = 1
    decode_header = 0
Different defaults:
    verify_exp = 1
    leeway = 5
You either have to use decode_args, or provide a decode_callback.
decode_callback
Callback to decode the token. It gets the token as a string and the PSGI env, and has to return a hashref with the claims.
You have to either provide a callback, or use decode_args.
psgix_claims
Name of the entry in psgix where the claims are stored, default 'claims', so you can get (for example) the sub claim via
    $env->{'psgix.claims'}->{sub}
psgix_token
Name of the entry in psgix where the raw token is stored, default 'token'.
token_required
If set to a true value, all requests need to include a valid JWT. Default false, so you have to check in your application code whether a token was submitted.
token_header_name
Name of the token scheme in the HTTP Authorization header, default 'Bearer'. If you set it to 0, headers will be ignored.
token_query_name
Name of the HTTP query param that contains the token, default 'token'. If you set it to 0, tokens in the query will be ignored.
Example
TODO, in the meantime you can take a look at the tests.
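A complete .psgi file wiring the middleware with decode_args, added here as an example and not part of the module's distribution. It assumes Plack and Crypt::JWT are installed; the HMAC secret, the route logic and the choice to disable query-string tokens are constructed for illustration.

```perl
# Added example, not code from the Plack::Middleware::Auth::JWT distribution.
# Assumes Plack and Crypt::JWT are installed; the secret below is a constructed
# placeholder that would come from configuration or a secret store in practice.
use strict;
use warnings;
use Plack::Builder;

my $hmac_secret = 'constructed-placeholder-secret-change-me';

# The protected application. token_required is left false below, so requests
# without a token reach this code and it must check for claims itself.
my $app = sub {
    my $env    = shift;
    my $claims = $env->{'psgix.claims'};   # hashref set by the middleware on success

    return [ 401, [ 'Content-Type' => 'text/plain' ], ['missing or invalid token'] ]
        unless $claims && defined $claims->{sub};

    # $env->{'psgix.token'} still holds the raw token if you need to forward it.
    return [ 200, [ 'Content-Type' => 'text/plain' ], ["hello, $claims->{sub}\n"] ];
};

builder {
    enable "Plack::Middleware::Auth::JWT",
        decode_args => {
            key          => $hmac_secret,   # HS* key; RSA/EC keys are passed as objects (see Crypt::JWT)
            accepted_alg => ['HS256'],      # allow only the algorithm you actually sign with
            verify_exp   => 1,              # the middleware's default, spelled out for clarity
            leeway       => 5,              # seconds of clock skew tolerated on exp
        },
        token_required    => 0,             # pass requests through; the app decides per route
        token_header_name => 'Bearer',      # read "Authorization: Bearer <jwt>"
        token_query_name  => 0,             # constructed choice: never accept ?token=..., which ends up in access logs
    ;
    $app;
};
```

Run it with `plackup app.psgi` and send a request carrying `Authorization: Bearer <jwt>` signed with the same HS256 secret; a request with no token, an expired token or a token signed with another algorithm reaches the application without claims and gets the 401.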
SEE ALSO
Crypt::JWT - encode / decode JWTs using various algorithms. Very complete!
Introduction to JSON Web Tokens - good overview.
Plack::Middleware::Auth::AccessToken - a more generic solution handling any kind of token. Does not handle token payload (claims).
THANKS
Thanks to validad.com for supporting Open Source.
AUTHOR
Thomas Klausner <domm@cpan.org>
COPYRIGHT AND LICENSE
This software is copyright (c) 2017 by Thomas Klausner.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.