Catalyst-Plugin-OIDC
3 results

 view release on metacpan or  search on metacpan

README.md  view on Meta::CPAN 

# Catalyst::Plugin::OIDC

This plugin makes it easy to integrate the OpenID Connect protocol into a Catalyst application.

It essentially uses the [OIDC-Client](https://metacpan.org/dist/OIDC-Client) distribution.

## Features

- creates the endpoint used by the provider to redirect the user back to your application
- retrieves the provider metadata and JWK keys when the application is launched
- redirects the browser to the authorize URL to initiate an authorization code flow
- gets the token(s) from the provider
- the tokens are stored for later use or for future requests
- refreshes access token if needed
- verifies a JWT token with support for automatic JWK key rotation
- introspects the access token
- gets the user information from the *userinfo* endpoint
- exchanges the access token
- redirects the browser to the logout URL

## Documentation

- [Plugin documentation](https://metacpan.org/pod/Catalyst::Plugin::OIDC)
- [Configuration](https://metacpan.org/pod/OIDC::Client::Config)

## Security Recommendation

t/auth-code-flow-IT.t  view on Meta::CPAN 


subtest 'Get public index page' => sub {
  my $res = request('/');
  ok($res->is_success, 'Status in success');
  like( $res->content, qr/Welcome/, 'Expected text');
};

subtest 'Get protected page in error because invalid token format' => sub {
  my $res = request('/protected');
  ok($res->is_redirect, 'Response is a redirect');
  like($res->header('Location'), qr[/authorize\?.+], 'Redirection to the authorize endpoint');
  $res = follow_redirects($res);
  is($res->code, 401, 'Expected error code');
  is($res->content, 'Authentication Error', 'Expected error message');
};

my $mock_crypt_jwt = Test::MockModule->new('Crypt::JWT');
$mock_crypt_jwt->redefine('decode_jwt' => sub {
  my %params = @_;
  my %claims = (
    iss   => 'my_issuer',

t/auth-code-flow-IT.t  view on Meta::CPAN 

  );
  return (
    $params{decode_header} ? { 'alg' => 'whatever' } : (),
    \%claims,
  );
});

subtest 'Get protected page ok' => sub {
  my $res = request('/protected?a=b&c=d');
  ok($res->is_redirect, 'Response is a redirect');
  like($res->header('Location'), qr[/authorize\?.+], 'Redirection to the authorize endpoint');
  $res = follow_redirects($res);
  ok($res->is_success, 'Status in success');
  like($res->content, qr/my_subject is authenticated/, 'Expected text');
  like($res->request->uri, qr[/protected\?a=b&c=d$],
       'Initial url is kept');
};

done_testing;

sub follow_redirects {

t/auth-code-flow-IT/MyProviderApp/app.pl  view on Meta::CPAN 

#!/usr/bin/env perl
use utf8;
use strict;
use warnings;
use Mojolicious::Lite;

# provider server routes
get('/wellknown' => sub {
  my $c = shift;
  my %url = (
    authorization_endpoint => '/authorize',
    end_session_endpoint   => '/logout',
    token_endpoint         => '/token',
    jwks_uri               => '/jwks',
  );
  $c->render(json => {map { $_ => $url{$_} } keys %url});
});
# get '/authorize' in MyCatalystApp/Controller/Root.pm (ugly but necessary)
post('/token' => sub {
       my $c = shift;
       my ($client_id, $client_secret) = split(':', $c->req->url->to_abs->userinfo);
       my $grant_type = $c->param('grant_type');
       my $code       = $c->param('code');



( run in 0.216 second using v1.01-cache-2.11-cpan-0ffa90cfd1c )