Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/hkoba/perl-plack-middleware-validate_google_iap_jwt

Plack::Middleware::Validate_Google_IAP_JWT - Validate JWT given from Google IAP
https://github.com/hkoba/perl-plack-middleware-validate_google_iap_jwt

Last synced: 23 days ago
JSON representation

Plack::Middleware::Validate_Google_IAP_JWT - Validate JWT given from Google IAP

Host: GitHub
URL: https://github.com/hkoba/perl-plack-middleware-validate_google_iap_jwt
Owner: hkoba
License: other
Created: 2024-12-18T01:46:30.000Z (24 days ago)
Default Branch: main
Last Pushed: 2024-12-18T02:11:39.000Z (24 days ago)
Last Synced: 2024-12-18T03:19:17.657Z (24 days ago)
Language: Perl
Homepage:
Size: 16.6 KB
Stars: 0
Watchers: 1
Forks: 0
Open Issues: 0
Metadata Files:
- Readme: README.md
- Changelog: Changes
- License: LICENSE

Awesome Lists containing this project

README

        [![Actions Status](https://github.com/hkoba/perl-Plack-Middleware-Validate_Google_IAP_JWT/actions/workflows/test.yml/badge.svg)](https://github.com/hkoba/perl-Plack-Middleware-Validate_Google_IAP_JWT/actions)

# NAME

Plack::Middleware::Validate\_Google\_IAP\_JWT - Validate JWT from Google IAP

# SYNOPSIS

    use Plack::Builder;

    my $app = sub {

      my $env = shift;

      return [200, [], ["Validated email: ", $env->{"psgix.goog_iap_jwt_email"}]]

    };

    builder {

      enable "Validate_Google_IAP_JWT", want_hd => "example.com"

        , guest_subpath => "/guest/";

      $app;

    };

# DESCRIPTION

Plack::Middleware::Validate\_Google\_IAP\_JWT is a Plack middleware that validates JWT from

[Google Cloud Identity-Aware Proxy(IAP)](https://cloud.google.com/security/products/iap). 

Although Cloud IAP rejects unauthorized access from public networks, 

internal processes on the same network can still spoof the identity.

To protect against such security risks, Cloud IAP provides a special HTTP header, ['x-goog-iap-jwt-assertion'](https://cloud.google.com/iap/docs/signed-headers-howto),

which carries JWT containing the email address of the authenticated end user.

 This middleware protects Plack apps by validating the JWT.

# CONFIGURATION

## want\_hd

Expected hosted domain. See [https://cloud.google.com/iap/docs/signed-headers-howto#verifying\_the\_jwt\_payload](https://cloud.google.com/iap/docs/signed-headers-howto#verifying_the_jwt_payload).

## guest\_subpath

If set, allows guest access for this subpath.

# METHODS

## fetch\_iap\_public\_key

Fetch [https://www.gstatic.com/iap/verify/public\_key-jwk](https://www.gstatic.com/iap/verify/public_key-jwk) and returns decoded json.

# LICENSE

Copyright (C) Kobayasi, Hiroaki.

This library is free software; you can redistribute it and/or modify

it under the same terms as Perl itself.

# AUTHOR

Kobayasi, Hiroaki