NAME

Plack::Middleware::Zitadel - Verify Bearer tokens via ZITADEL OIDC in Plack apps

VERSION

version 0.010

SYNOPSIS

use Plack::Builder;

my $app = sub { [200, ['Content-Type' => 'text/plain'], ['ok']] };

my $wrapped = builder {
    enable 'Plack::Middleware::Zitadel',
        issuer          => 'https://zitadel.example.com',
        audience        => 'my-api',
        required_scopes => ['openid', 'profile'];
    $app;
};

DESCRIPTION

Validates incoming Bearer tokens using WWW::Zitadel::OIDC and injects decoded claims into the PSGI environment.

On success, claims are available in $env->{'zitadel.claims'} and the raw token in $env->{'zitadel.token'}.

On failure, responds with 401 or 403 and a JSON body plus a WWW-Authenticate: Bearer header per RFC 6750.

issuer

OIDC issuer URL. Required unless oidc is provided.

audience

Optional audience string passed to verify_token.

required_scopes

Optional scope requirement as an arrayref or space-separated string. All listed scopes must be present in the token's scope claim.

claims_env_key

PSGI env key under which decoded claims are stored. Defaults to zitadel.claims.

realm

Realm value in the WWW-Authenticate response header. Defaults to api.

oidc

Optional pre-built OIDC object. Must implement verify_token. When provided, issuer is not required.
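
The attributes above combined in one app.psgi, as an added example that is not part of the module's own documentation: each mounted path gets its own middleware instance, so the scope requirement follows the sensitivity of the route. The scope names, paths and the myapp.admin_claims key are hypothetical, and the claims are assumed to be a hashref carrying the standard sub claim.

```perl
use strict;
use warnings;
use Plack::Builder;
use JSON::PP ();

# Issuer and audience are the placeholder values from the SYNOPSIS.
my %zitadel = (
    issuer   => 'https://zitadel.example.com',
    audience => 'my-api',
);

# Helper: build a JSON PSGI response.
my $json = sub {
    my ($status, $data) = @_;
    return [ $status, [ 'Content-Type' => 'application/json' ],
             [ JSON::PP->new->canonical->encode($data) ] ];
};

# Read endpoint: claims arrive under the default env key.
my $orders = sub {
    my $env    = shift;
    my $claims = $env->{'zitadel.claims'};   # assumed to be a hashref
    return $json->(200, { subject => $claims->{'sub'}, orders => [] });
};

# Admin endpoint: claims arrive under the key set via claims_env_key.
my $admin = sub {
    my $env    = shift;
    my $claims = $env->{'myapp.admin_claims'};
    return $json->(200, { subject => $claims->{'sub'}, scope => $claims->{'scope'} });
};

builder {
    mount '/orders' => builder {
        enable 'Plack::Middleware::Zitadel', %zitadel,
            required_scopes => 'orders:read';                    # string form
        $orders;
    };
    mount '/admin' => builder {
        enable 'Plack::Middleware::Zitadel', %zitadel,
            required_scopes => ['orders:read', 'orders:admin'],  # arrayref form
            claims_env_key  => 'myapp.admin_claims',
            realm           => 'admin';
        $admin;
    };
};
```

Because the inner apps only run after the middleware has accepted the token, they never need to parse the Authorization header themselves; they should read identity from the claims key only.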

SUPPORT

Issues

Please report bugs and feature requests on GitHub at https://github.com/Getty/p5-plack-middleware-zitadel/issues.

IRC

Join #langertha on irc.perl.org or message Getty directly.

CONTRIBUTING

Contributions are welcome! Please fork the repository and submit a pull request.

AUTHOR

Torsten Raudssus <torsten@raudssus.de> https://raudssus.de/

COPYRIGHT AND LICENSE

This software is copyright (c) 2026 by Torsten Raudssus.

This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.