NAME
Plack::Middleware::Auth::AccessToken - Secret access token authentication
VERSION
version 0.1
SYNOPSIS
    use Plack::Middleware::Auth::AccessToken;
    use Plack::Builder;

    my $app = sub { ... };

    builder {
        enable "Auth::AccessToken",
            authenticator => \&check_token;
        $app;
    };

    sub check_token {
        my $token = shift;
        return $token eq 'a02655d46dd0f2160529acaccd4dbf979c6e6e50';
    }
DESCRIPTION
Plack::Middleware::Auth::AccessToken is an authentication handler for Plack that uses a secret access token. Access tokens are also known as OAuth Bearer tokens. Tokens can be provided as a query parameter or in an HTTP request header:

    https://example.org/api?access_token=ACCESS_TOKEN

    Authorization: bearer ACCESS_TOKEN

The latter is recommended because query parameters may show up in log files.
This middleware checks the access token via a callback function and returns an error document with HTTP code 401 on failure.
CONFIGURATION
- authenticator
  A required callback function that takes an access token and returns whether the token is valid.
- token_type
  The token type expected in the authorization header. For instance the value 'token' will make the middleware look for a header such as:
      Authorization: token ACCESS_TOKEN
  The token type is case-insensitive and set to 'bearer' by default.
- reject_http
  An optional callback function that takes an access token that has been sent unencrypted over HTTP. If this parameter has been set, an HTTP request is rejected without first consulting the authenticator. The callback function can be used to mark the access token as invalid.
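The following is an added example, not code from the module's distribution. It wires `authenticator` and `reject_http` to one token store so that a token seen over plain HTTP is revoked, as the `reject_http` description suggests. The names `%active`, `revoke_token` and the sample token are constructed for illustration, and the in-memory hash is an assumption standing in for a store shared by all server processes.

```perl
use strict;
use warnings;
use Plack::Builder;
use Digest::SHA qw(sha256_hex);

# Constructed sample store, keyed by the SHA-256 digest of each issued token.
# A real deployment would load digests from a shared database and never keep
# the clear-text token in source code; the literal below is only sample data.
my %active = (
    sha256_hex('constructed-sample-token') => { owner => 'example-client' },
);

# authenticator: receives the token sent with the request and returns
# whether it is valid. Looking up the digest means the secret itself is
# never compared character by character with 'eq'.
sub check_token {
    my $token = shift;
    return 0 unless defined $token && length $token;
    return exists $active{ sha256_hex($token) } ? 1 : 0;
}

# reject_http: receives a token that was sent unencrypted over HTTP.
# The token has to be treated as disclosed, so it is removed from the
# store and stops working on later HTTPS requests as well.
sub revoke_token {
    my $token = shift;
    return unless defined $token && length $token;
    my $digest = sha256_hex($token);
    if ( delete $active{$digest} ) {
        # Log only a digest prefix, never the token itself.
        warn 'revoked token sent over HTTP: ' . substr( $digest, 0, 12 ) . "\n";
    }
    return;
}

my $app = sub {
    return [ 200, [ 'Content-Type' => 'text/plain' ], ["ok\n"] ];
};

# The value of builder { ... } is the wrapped PSGI application, so this
# file can be saved as app.psgi and started with plackup.
builder {
    enable "Auth::AccessToken",
        authenticator => \&check_token,
        reject_http   => \&revoke_token;
    $app;
};
```

With a multi-process server each worker would hold its own copy of `%active`, so revocation only takes effect everywhere once the store is shared.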
SEE ALSO
See Plack::Middleware::Auth::OAuth2::ProtectedResource and Plack::Middleware::OAuth for modules that take more care to implement OAuth.
AUTHOR
Jakob Voß <voss@gbv.de>
COPYRIGHT AND LICENSE
This software is copyright (c) 2012 by Jakob Voß.
This is free software; you can redistribute it and/or modify it under the same terms as the Perl 5 programming language system itself.