{"id":32215839,"url":"https://github.com/domm/plack-middleware-auth-jwt","last_synced_at":"2025-10-22T07:53:29.325Z","repository":{"id":21679015,"uuid":"93744726","full_name":"domm/Plack-Middleware-Auth-JWT","owner":"domm","description":"Token-based Auth (aka Bearer Token) using JSON Web Tokens (JWT)","archived":false,"fork":false,"pushed_at":"2023-04-04T14:17:31.000Z","size":32,"stargazers_count":0,"open_issues_count":0,"forks_count":2,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-10-22T07:53:15.600Z","etag":null,"topics":["hacktoberfest","jwt","plack","psgi"],"latest_commit_sha":null,"homepage":"","language":"Perl","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/domm.png","metadata":{"files":{"readme":"README.md","changelog":"Changes","contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2017-06-08T12:05:52.000Z","updated_at":"2022-02-22T08:45:53.000Z","dependencies_parsed_at":"2024-06-21T17:51:39.523Z","dependency_job_id":"d4a03bc8-87b1-41ce-8704-8e8cceb97199","html_url":"https://github.com/domm/Plack-Middleware-Auth-JWT","commit_stats":{"total_commits":22,"total_committers":3,"mean_commits":7.333333333333333,"dds":0.09090909090909094,"last_synced_commit":"6a60eb017a524269c8fc138d6716b211381dfcf0"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"purl":"pkg:github/domm/Plack-Middleware-Auth-JWT","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/domm%2FPlack-Middleware-Auth-JWT","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/domm%2FPlack-Middleware-Auth-JWT/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/domm%2FPlack-Middleware-Auth-JWT/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/domm%2FPlack-Middleware-Auth-JWT/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/domm","download_url":"https://codeload.github.com/domm/Plack-Middleware-Auth-JWT/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/domm%2FPlack-Middleware-Auth-JWT/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":280402183,"owners_count":26324587,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-10-22T02:00:06.515Z","response_time":63,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","jwt","plack","psgi"],"created_at":"2025-10-22T07:53:22.001Z","updated_at":"2025-10-22T07:53:29.321Z","avatar_url":"https://github.com/domm.png","language":"Perl","funding_links":[],"categories":[],"sub_categories":[],"readme":"# NAME\n\nPlack::Middleware::Auth::JWT - Token-based Auth (aka Bearer Token) using JSON Web Tokens (JWT)\n\n# VERSION\n\nversion 0.907\n\n# SYNOPSIS\n\n    # use Crypt::JWT to decode the JWT\n    use Plack::Builder;\n    builder {\n        enable \"Plack::Middleware::Auth::JWT\",\n            decode_args =\u003e { key =\u003e '12345' },\n        ;\n        $app;\n    };\n\n    # or provide your own decoder in a callback\n    use Plack::Builder;\n    builder {\n        enable \"Plack::Middleware::Auth::JWT\",\n            decode_callback =\u003e sub {\n                my $token = shift;\n                ....\n            },\n        ;\n        $app;\n    };\n\n\n    # curl -H 'Authorization: Bearer eyJhbG...'\n    # if the JWT is valid, two keys will be added to $env-\u003e{psgix}\n    # $env-\u003e{'psgix.token'}  = 'original_token'\n    # $env-\u003e{'psgix.claims'} = { sub =\u003e 'bart' } # claims as hashref\n\n# DESCRIPTION\n\n`Plack::Middleware::Auth::JWT` helps you to use [JSON Web\nTokens](https://en.wikipedia.org/wiki/JSON_Web_Token) (or JWT) for\nauthentificating HTTP requests. Tokens can be provided in the\n`Authorization` HTTP Header, or as a query parameter (though passing\nthe JWT via the header is the prefered method).\n\n## Configuration\n\nTODO\n\n### decode\\_args\n\nSee [\"decode\\_jwt\" in Crypt::JWT](https://metacpan.org/pod/Crypt%3A%3AJWT#decode_jwt)\n\nPlease note that `key` might has to be passed as a string-ref or an object, see [Crypt::JWT](https://metacpan.org/pod/Crypt%3A%3AJWT)\n\nIt is **very much recommended** that you only allow the algorithms you are actually using by setting `accepted_alg`! Per default, 'none' is **not** allowed.\n\nHardcoded:\n\n        decode_payload = 1\n        decode_header  = 0\n\nDifferent defaults:\n\n        verify_exp = 1\n        leeway     = 5\n\nYou either have to use `decode_args`, or provide a [decode\\_callback](https://metacpan.org/pod/decode_callback).\n\n### decode\\_callback\n\nCallback to decode the token. Gets the token as a string and the psgi-env, has to return a hashref with claims.\n\nYou have to either provide a callback, or use [decode\\_args](https://metacpan.org/pod/decode_args).\n\n### psgix\\_claims\n\nDefault: `claims`\n\nName of the entry in `psgix` were the claims are stored, so you can get the (for example) `sub` claim via\n\n    $env-\u003e{'psgix.claims'}-\u003e{sub}\n\n### psgix\\_token\n\nDefault: `token`\n\nName of the entry in `psgix` were the raw token is stored.\n\n### token\\_required\n\nDefault: `false`\n\nIf set to a true value, all requests need to include a valid JWT. Default false, so you have to check in your application code if a token was submitted.\n\n### ignore\\_invalid\\_token\n\nDefault: `false`\n\nIf set to a true value, passing an invalid JWT will not abort the\nrequerst with status 401. Instead the app will be called as if no\ntoken was passed at all.\n\nYou can use this to implement another token check in a later\nmiddleware, or even in your app. Of course you will then have to check\nfor `$env-\u003e{psgix.token}` in your controller actions.\n\n### token\\_header\\_name\n\nDefault: `Bearer`\n\nName of the token in the HTTP `Authorization` header. If you set it to `0`, headers will be ignored.\n\n### token\\_query\\_name\n\nDefault: `token`\n\nName of the HTTP query param that contains the token. If you set it to `0`, tokens in the query will be ignored.\n\n## Example\n\nTODO, in the meantime you can take a look at the tests.\n\n# SEE ALSO\n\n- [Crypt::JWT](https://metacpan.org/pod/Crypt::JWT) - encode / decode JWTs using various algorithms. Very complete!\n- [Introduction to JSON Web Tokens](https://jwt.io/introduction) - good overview.\n- [Plack::Middleware::Auth::AccessToken](https://metacpan.org/pod/Plack::Middleware::Auth::AccessToken) - a more generic solution handling any kind of token. Does not handle token payload (`claims`).\n\n# THANKS\n\nThanks to\n\n- [validad.com](https://www.validad.com/) for supporting Open Source.\n- [jwright](https://github.com/jwrightecs) for fixing a\nregression in the tests caused by an update in [Crypt::JWT](https://metacpan.org/pod/Crypt%3A%3AJWT) error\nmessages. The same issue was also reported by SREZIC.\n- [Michael R. Davis](https://github.com/mrdvt92) for fixing a typo.\n\n    \\+item \\* [Balloon Metainfo XR GmbH](https://balloon-events.com/) for supporting Open Source and sponsoring some improvements.\n\n# AUTHOR\n\nThomas Klausner \u003cdomm@plix.at\u003e\n\n# COPYRIGHT AND LICENSE\n\nThis software is copyright (c) 2017 - 2022 by Thomas Klausner.\n\nThis is free software; you can redistribute it and/or modify it under\nthe same terms as the Perl 5 programming language system itself.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdomm%2Fplack-middleware-auth-jwt","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdomm%2Fplack-middleware-auth-jwt","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdomm%2Fplack-middleware-auth-jwt/lists"}