view release on metacpan or  search on metacpan

lib/Mojolicious/Plugin/Kinde.pm  view on Meta::CPAN

sub register {
	my ( $self, $app, $conf ) = @_;

	my $jwks_url  = $conf->{jwks_url} || $app->config->{kinde}->{jwks_url};
	my $jwks_keys = Mojo::UserAgent->new->get($jwks_url)->result->json('/keys');
	$self->jwt( Mojo::JWT->new( jwks => $jwks_keys ) );

	$self->iss( $conf->{iss}           || $app->config->{kinde}->{iss} );
	$self->audience( $conf->{audience} || $app->config->{kinde}->{audience} );

	$app->helper( get_kinde_claims => sub { _validate_auth_header( $self, @_ ) } );

	$app->routes->add_condition( kinde_auth => sub { _validate_route( $self, @_ ) } );

} ## end sub register

sub _validate {
	my ( $self, $c, $token ) = @_;

	if ($token) {
		my $token_data = $token ? $self->jwt->decode($token) : undef;

		Mojo::Exception->throw('The token does not exist or is not valid') unless $token_data;
		Mojo::Exception->throw('The `iss` claim does not match')           unless $token_data->{iss} eq $self->iss;
		Mojo::Exception->throw('The signature `alg` is not RS256')         unless $self->jwt->algorithm eq 'RS256';
		Mojo::Exception->throw('The expected audience is missing')
		  if $self->audience

lib/Mojolicious/Plugin/Kinde.pm  view on Meta::CPAN

		$c->stash->{kinde_user} = { id => $token_data->{'sub'} };

		return $token_data;

	} else {

		return undef;

	} ## end if ($token)

} ## end sub _validate

sub _validate_auth_header {
	my ( $self, $c ) = @_;

	my $headers = $c->req->headers;
	my $auth    = $headers->header('Authorization');
	my $token   = $auth ? ( split( ' ', $auth ) )[1] : undef;

	return $self->_validate( $c, $token );

} ## end sub _validate_auth_header

sub _validate_route {
	my ( $self, $route, $c, $captures, $arg ) = @_;

	my $headers = $c->req->headers;
	my $auth    = $headers->header('Authorization');
	my $token   = $auth ? ( split( ' ', $auth ) )[1] : undef;

	return $self->_validate( $c, $token ) ? 1 : 0;

} ## end sub _validate_route


1;

=pod

=encoding UTF-8

=head1 NAME