NAME

Plack::Middleware::DoormanOpenID - The OpenID sign-in middleware.

SYNOPSIS

    use Plack::Builder;
    builder {
        enable "Session::Cookie";
        enable "DoormanOpenID", scope => 'users';

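        sub {
            my $env = shift;
            # Doorman object for the "users" scope.
            my $doorman = $env->{'doorman.users.openid'};

            my $body = $doorman->is_sign_in ? "Signed in" : "Not signed in";
            return [ 200, [ 'Content-Type' => 'text/plain' ], [ $body ] ];
        }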
    };

DESCRIPTION

OPTIONS

  • secret

    YOU MUST PROVIDE THIS VALUE IN YOUR PRODUCTION APP.

    The consumer secret string used to initialize the Net::OpenID::Consumer object. It should be a long, random, difficult-to-guess string. For example:

        T{"<gshFg$Xi<]|r%io\%7MS]'Foj=)2YKiGeB<6FFePPS*h}%meU?H]0/Pu,x/QX.Vq4\Pljr=)yjcI]/M(EFft~_)'$wsIEZuCbc=uWpj-5Fkp>GZl~|/_-4Qk`+4F&V8cg%{/a\-<

    DoormanOpenID provides a default value so that you can quickly try out Doorman without having to provide too much configuration. However, if you do not provide your own value, malicious attackers might be able to forge your app in a man-in-the-middle attack scenario.

  • scope

    This setting is optional, with the default value "users". It is useful if you need multiple roles to log in to your system.

    For example, if you need the "users" and "admins" roles to have different login sessions, you can achieve it by:

        enable "DoormanOpenID", scope => "users";
        enable "DoormanOpenID", scope => "admins";

    For each scope, a path named after that scope is taken by the DoormanOpenID middleware as the end-points used to perform OpenID login.

    By default, the following paths and HTTP methods are handled by the DoormanOpenID middleware:

        POST /users/sign_in
        GET  /users/sign_out
        GET  /users/openid_verified

    For the "admins" scope, it'll add:

        POST /admins/sign_in
        GET  /admins/sign_out
        GET  /admins/openid_verified

  • root_url

    The application root URL that consumes OpenID. Usually this is guessed, and that is good enough. If your application lives under some path, such as http://foo.com/app, you need to pass that as the value of this option.

METHODS

  • is_sign_in

    Returns true if the current session is considered signed in.

  • verified_identity_url

    Returns the verified OpenID URL if the current session is signed in. Returns undef otherwise.

  • sign_in_path, sign_in_url

    Returns a path, or full URL, to which the user POSTs an OpenID URL to sign in. It should be used as the value of the "action" attribute of a form. For example:

        my $doorman = $env->{'doorman.users.openid'};
    
        my $sign_in_form = <<HTML;
        <form method="POST" action="@{[ $doorman->sign_in_path ]}">
            <label for="openid">OpenID</label>
            <input type="text" id="openid" name="openid" autofocus>
            <input type="submit" value="Sign In">
        </form>
        HTML

    At this point, the form parameter must be named openid.

  • sign_out_path, sign_out_url

    Returns a path that, when visited, wipes out the signed-in information in the session.
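
The following app.psgi is an added example, not code from the Doorman distribution. It shows the "secret" option being supplied from outside the source tree and the documented methods used in a handler. The environment variable names, the required_secret helper and the 32-character minimum are assumptions made for illustration.

```perl
use strict;
use warnings;
use Plack::Builder;
use Plack::Util;

# Hypothetical helper: read a secret from the environment and refuse to
# start without it, so the built-in default secret is never used.
sub required_secret {
    my ($name) = @_;
    my $value = $ENV{$name} // '';
    # The 32-character floor is an assumption, not a Doorman requirement.
    die "$name must be set to a random string of at least 32 characters\n"
        if length($value) < 32;
    return $value;
}

# Assumed variable names; use whatever your deployment provides.
my $openid_secret  = required_secret('DOORMAN_OPENID_SECRET');
my $session_secret = required_secret('SESSION_COOKIE_SECRET');

my $app = sub {
    my $env     = shift;
    my $doorman = $env->{'doorman.users.openid'};

    my $body;
    if ($doorman->is_sign_in) {
        # The identity URL originates from user input: escape it on output.
        my $id  = Plack::Util::encode_html($doorman->verified_identity_url);
        my $out = Plack::Util::encode_html($doorman->sign_out_path);
        $body = qq{<p>Signed in as $id</p><p><a href="$out">Sign out</a></p>};
    }
    else {
        my $action = Plack::Util::encode_html($doorman->sign_in_path);
        $body = qq{<form method="POST" action="$action">}
              . qq{<input type="text" name="openid" autofocus>}
              . qq{<input type="submit" value="Sign In"></form>};
    }
    return [ 200, [ 'Content-Type' => 'text/html; charset=utf-8' ], [$body] ];
};

builder {
    # Session::Cookie signs its cookie with its own secret.
    enable "Session::Cookie", secret => $session_secret;
    enable "DoormanOpenID", scope => 'users', secret => $openid_secret;
    $app;
};
```

Run it with plackup after exporting both variables; startup fails with a clear message if either is missing or too short.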
